Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/palp-2.20/Rat.c
Examining data/palp-2.20/Nefpart.c
Examining data/palp-2.20/Nef.h
Examining data/palp-2.20/Mori.h
Examining data/palp-2.20/poly.c
Examining data/palp-2.20/Coord.c
Examining data/palp-2.20/nef.c
Examining data/palp-2.20/SingularInput.c
Examining data/palp-2.20/E_Poly.c
Examining data/palp-2.20/Subdb.c
Examining data/palp-2.20/Global.h
Examining data/palp-2.20/class.c
Examining data/palp-2.20/cws.c
Examining data/palp-2.20/Subpoly.h
Examining data/palp-2.20/Vertex.c
Examining data/palp-2.20/LG.h
Examining data/palp-2.20/Polynf.c
Examining data/palp-2.20/MoriCone.c
Examining data/palp-2.20/lgotwist.c
Examining data/palp-2.20/Subpoly.c
Examining data/palp-2.20/Rat.h
Examining data/palp-2.20/LG.c
Examining data/palp-2.20/mori.c
Examining data/palp-2.20/Subadd.c

FINAL RESULTS:

data/palp-2.20/E_Poly.c:174:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_AP->np>20) ? " %2d" : " %4d", (int) _AP->x[j][i]);
data/palp-2.20/E_Poly.c:183:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(c>20) ? " %3d" : " %4d", (int) *(M+i+C*j));
data/palp-2.20/E_Poly.c:193:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(l>20) ? " %3d" : " %4d", (int) *(M+i+C*j));
data/palp-2.20/E_Poly.c:241:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_P_AUX->np>20) ? " %3d" : " %4d", (int) _P_AUX->x[j][i]);
data/palp-2.20/E_Poly.c:260:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_P->np>20) ? " %3d" : " %4d", o);
data/palp-2.20/E_Poly.c:266:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_P->np>20) ? " %3d" : " %4d", (int) _P->x[j][i]);
data/palp-2.20/E_Poly.c:307:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_P->np > 20) ? "----" :"-----");
data/palp-2.20/E_Poly.c:402:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_L->nv > 20) ? " %3d" : " %4d", (int) _L->VM[i][j]);
data/palp-2.20/E_Poly.c:407:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(_L->nv > 20) ? "----" :"-----");
data/palp-2.20/E_Poly.c:418:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(outFILE,(N > 20) ? " %3d" : " %4d",(int) _L->W[i][j]);
data/palp-2.20/MoriCone.c:220:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(CAT,fn);printf("======= FILE content of %s:\n",fn); fflush(0);
data/palp-2.20/MoriCone.c:221:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    assert(0==system(CAT));
data/palp-2.20/Polynf.c:1669:35:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    { int j, d=0; for(j=0;j<w;j++){fprintf(outFILE,(w>19) ? " %2d" : " %4d",
data/palp-2.20/Polynf.c:1858:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    { for(j=0;j<_P->np;j++) fprintf(outFILE,(_P->np>20) ? " %2d" :
data/palp-2.20/Polynf.c:1861:26:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    { for(i=0; i<np; i++) fprintf(outFILE,(np>20) ? "---" : "-----");
data/palp-2.20/Polynf.c:1873:26:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    { for(i=0; i<np; i++) fprintf(outFILE, (np>20) ? "---" : "-----");
data/palp-2.20/SingularInput.c:553:42:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcpy(SingularCall,"Singular -q < "); strcat(SingularCall,SFname);
data/palp-2.20/SingularInput.c:555:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if( system(SingularCall) ) {puts("Check Singular installation");exit(1);}
data/palp-2.20/Subadd.c:254:46:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    if(USE_TMP_DIR) {strcpy(auxfn,"/tmp/"); strcat(auxfn,L->oname);}
data/palp-2.20/Subadd.c:255:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    else strcpy(auxfn,L->oname);
data/palp-2.20/Subadd.c:256:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(auxfn,SAVE_FILE_EXT);
data/palp-2.20/Subadd.c:265:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(Mfn,L->oname); strcat(Mfn,MOVE_SAVE_FILE);
data/palp-2.20/Subadd.c:265:24:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcpy(Mfn,L->oname); strcat(Mfn,MOVE_SAVE_FILE);
data/palp-2.20/Subadd.c:424:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tmpfn,S->oname); strcat(tmpfn,".tmp");
data/palp-2.20/Subadd.c:428:46:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    if(USE_TMP_DIR) {strcpy(auxfn,"/tmp/"); strcat(auxfn,S->oname);}
data/palp-2.20/Subadd.c:429:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    else strcpy(auxfn,S->oname);
data/palp-2.20/Subadd.c:430:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(auxfn,SAVE_FILE_EXT);
data/palp-2.20/Subadd.c:681:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(bni,(BNI==1000) ? "k" : "M");
data/palp-2.20/Subdb.c:48:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbnames,dbo); fx=&dbnames[strlen(dbo)+1];
data/palp-2.20/Subdb.c:73:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(Finfo, /* write Finfo */
data/palp-2.20/Subdb.c:91:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fx,ext); Fv=fopen(dbnames,"wb"); assert(Fv!=NULL);
data/palp-2.20/Subdb.c:128:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbname,_NFL->dbname);
data/palp-2.20/Subdb.c:168:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fx,ext);
data/palp-2.20/Subdb.c:262:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info");
data/palp-2.20/Subdb.c:264:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(Ofn,dbo); Ofx=&Ofn[strlen(dbo)];
data/palp-2.20/Subdb.c:342:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[4]=0; strcpy(Ofx,vxt); strcpy(Ifx,vxt);
data/palp-2.20/Subdb.c:342:29:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[4]=0; strcpy(Ofx,vxt); strcpy(Ifx,vxt);
data/palp-2.20/Subdb.c:344:19:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    { if(!newout) {strcat(Ifx,SAVE_FILE_EXT); assert(!rename(Ofn,Ifn));}
data/palp-2.20/Subdb.c:414:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(FO, /* write FO.info */
data/palp-2.20/Subdb.c:513:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info");
data/palp-2.20/Subdb.c:577:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[4]=0; strcpy(Ifx,vxt); fclose(F);
data/palp-2.20/Subdb.c:600:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[4]=0; strcpy(Ifx,vxt); fclose(F);
data/palp-2.20/Subdb.c:655:37:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    { unsigned tln=0; Along tNF=0; strcpy(Sfn,dbsub);
data/palp-2.20/Subdb.c:746:30:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[3]=v%10+'0'; vxt[4]=0; strcpy(Sfx,vxt);
data/palp-2.20/Subdb.c:790:30:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[3]=v%10+'0'; vxt[4]=0; strcpy(Sfx,vxt);
data/palp-2.20/Subdb.c:833:30:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    vxt[3]=v%10+'0'; vxt[4]=0; strcpy(Sfx,vxt);
data/palp-2.20/Subdb.c:942:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf( /* write Finfo */
data/palp-2.20/Subdb.c:962:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info");
data/palp-2.20/Subdb.c:997:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf( /* write Finfo */
data/palp-2.20/Subdb.c:1047:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbname,dbin);
data/palp-2.20/Subdb.c:1048:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbhname,dbout);
data/palp-2.20/Subdb.c:1093:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fx,ext);
data/palp-2.20/Subdb.c:1113:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fhx,aext);
data/palp-2.20/Subdb.c:1161:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbaname,dbaux);
data/palp-2.20/Subdb.c:1163:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbhname,dbout);
data/palp-2.20/Subdb.c:1204:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fax,aext);
data/palp-2.20/Subdb.c:1210:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fhx,hext);
data/palp-2.20/Subdb.c:1259:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename,dbname);
data/palp-2.20/Subdb.c:1296:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fhx,hext);
data/palp-2.20/Subdb.c:1395:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename,dbname);
data/palp-2.20/Subdb.c:1435:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fhx,hext);
data/palp-2.20/Subdb.c:1519:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbname,dbin); strcat(dbname,".info"); fx=&dbname[strlen(dbin)+1];
data/palp-2.20/Subdb.c:1538:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    { ext[1]='0' + v / 10; ext[2]='0' + v % 10; strcpy(fx,ext);
data/palp-2.20/Subdb.c:1850:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf( /* write Finfo */
data/palp-2.20/Subdb.c:1865:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info");
data/palp-2.20/Subdb.c:1902:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf( /* write Finfo */
data/palp-2.20/Subpoly.c:1145:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(dbname,dbin);
data/palp-2.20/Subpoly.c:1157:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fx,ext);
data/palp-2.20/class.c:224:1:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    scanf("%s",&hc);
data/palp-2.20/cws.c:1884:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system(command);
data/palp-2.20/cws.c:1900:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system(command);outFILE=fopen("zzL.tmp1","r");
data/palp-2.20/lgotwist.c:971:37:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    #define fpri(list,num) fprintf(outfi,list,(long) num)
data/palp-2.20/SingularInput.c:85:16:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    assert(NULL!=tmpnam(SFname));
data/palp-2.20/Coord.c:82:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { int *nz=&CW->nz; int i=0,n; char c[999],b=' '; *nz=0;
data/palp-2.20/E_Poly.c:290:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char C[VERT_Nmax];
data/palp-2.20/LG.c:34:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    int FilterFlag=(inFILE==NULL); char C, c[999],b=' ';
data/palp-2.20/MoriCone.c:219:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    void CatFile(char *fn){char CAT[30+L_tmpnam];strcpy(CAT,"cat ");
data/palp-2.20/MoriCone.c:219:46:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    void CatFile(char *fn){char CAT[30+L_tmpnam];strcpy(CAT,"cat ");
data/palp-2.20/MoriCone.c:1241:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    else {char uvw[2]={'u',0}; uvw[0]+=i;printf("%s",uvw);}
data/palp-2.20/MoriCone.c:1245:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    else {char uvw[2]={'u',0}; uvw[0]+=i;printf("%s",uvw);}
data/palp-2.20/MoriCone.c:1503:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { int i; char c[VERT_Nmax+1]; c[v]=0;
data/palp-2.20/MoriCone.c:1510:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { int i; char c[VERT_Nmax+1]; c[v-1]=0;
data/palp-2.20/Polynf.c:538:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char c[VERT_Nmax+38]="Normal form of vertices of P";
data/palp-2.20/Polynf.c:541:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    {strcpy(&c[28]," perm");c[36]='=';}
data/palp-2.20/Polynf.c:1241:68:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { Long C[POLY_Dmax], N; int nis,r=0,s,ks,bcz,ssr, R=KP_VALUE; char c[90];
data/palp-2.20/Polynf.c:1308:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(c,"PPL:"); if(nis) strcat(c," symmetric");
data/palp-2.20/Polynf.c:1308:35:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(c,"PPL:"); if(nis) strcat(c," symmetric");
data/palp-2.20/Polynf.c:1309:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    if(ks) strcat(c," kPsum"); else if(s) strcat(c," Psum");
data/palp-2.20/Polynf.c:1309:40:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    if(ks) strcat(c," kPsum"); else if(s) strcat(c," Psum");
data/palp-2.20/Polynf.c:1310:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    if(bcz) strcat(c," bary");
data/palp-2.20/Polynf.c:1311:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    if(ssr) strcat(c," semisimple");
data/palp-2.20/Polynf.c:1770:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { int n; char C[VERT_Nmax]; VertexNumList V; EqList E; for(n=0;n<F->nf;n++)
data/palp-2.20/Polynf.c:2366:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { char divi[99]; Long g=Divisibility_Index(P,V); if(g<2) return;
data/palp-2.20/Polynf.c:2367:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(divi,"divisible by factor=%ld",g); Print_VL(P,V,divi);
data/palp-2.20/Polynf.c:2606:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[99]="FanoProjection candidate #nnn"; int CC[FPcirNmax][FanoProjNPmax];
data/palp-2.20/SingularInput.c:34:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    int Read_HyperSurf(int *he, int divclassnr, int maxline, char filename[20], MORI_Flags *_Flag){
data/palp-2.20/SingularInput.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[maxline];
data/palp-2.20/SingularInput.c:44:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if( (stream = fopen(filename, "w")) == NULL) {
data/palp-2.20/SingularInput.c:54:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if( (stream = fopen(filename,"r")) == NULL) {
data/palp-2.20/SingularInput.c:64:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    he[i] = atoi(result);
data/palp-2.20/SingularInput.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char SFname[L_tmpnam], SingularCall[50+L_tmpnam], *D=T_DIV,*B=DIVclassBase;
data/palp-2.20/SingularInput.c:86:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    assert(NULL!=(SF=fopen(SFname,"w")));
data/palp-2.20/SingularInput.c:553:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(SingularCall,"Singular -q < "); strcat(SingularCall,SFname);
data/palp-2.20/Subadd.c:234:40:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    { time_t Tstart=time(NULL); FILE *F=fopen(S->iname,"rb"); /* F=fopen */
data/palp-2.20/Subadd.c:242:40:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    { time_t Tstart=time(NULL); FILE *F=fopen(fn,"rb");
data/palp-2.20/Subadd.c:254:23:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    if(USE_TMP_DIR) {strcpy(auxfn,"/tmp/"); strcat(auxfn,L->oname);}
data/palp-2.20/Subadd.c:257:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    F=fopen(auxfn,"rb"); printf("Reading %s: ",auxfn); fflush(stdout);
data/palp-2.20/Subadd.c:424:30:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcpy(tmpfn,S->oname); strcat(tmpfn,".tmp");
data/palp-2.20/Subadd.c:428:23:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    if(USE_TMP_DIR) {strcpy(auxfn,"/tmp/"); strcat(auxfn,S->oname);}
data/palp-2.20/Subadd.c:431:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    F=fopen(tmpfn,"wb"); printf("Writing %s: ",auxfn); fflush(stdout);
data/palp-2.20/Subadd.c:442:40:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    { time_t Tstart=time(NULL); FILE *F=fopen(fn,"wb");
data/palp-2.20/Subadd.c:680:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bni[2]; int BNI=(_L->nNF>2000000) ? 1000000 : 1000;
data/palp-2.20/Subadd.c:732:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { unsigned char UC[NB_MAX]; int nUC, NV;
data/palp-2.20/Subadd.c:982:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char auxUC[POLY_Dmax*VERT_Nmax];
data/palp-2.20/Subadd.c:1080:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char UC[POLY_Dmax*VERT_Nmax];
data/palp-2.20/Subadd.c:1126:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    { FILE *FI=fopen(polyi,"rb"), *FA=fopen(polya,"rb"), *FO;
data/palp-2.20/Subadd.c:1126:38:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    { FILE *FI=fopen(polyi,"rb"), *FA=fopen(polya,"rb"), *FO;
data/palp-2.20/Subadd.c:1128:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char ucI[NUC_Nmax], ucA[NUC_Nmax], *ucSL, *uc; int SLp[SL_Nmax];
data/palp-2.20/Subadd.c:1136:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(NULL==(FO=fopen(polyo,"wb"))){printf("Cannot open %s",polyo);exit(0);}
data/palp-2.20/Subadd.c:1351:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    { unsigned char UC[NB_MAX]; int nUC, NV, NewNF;
data/palp-2.20/Subdb.c:41:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *F=fopen(polyi,"rb"), *Finfo, *Fv, *Fsl;
data/palp-2.20/Subdb.c:49:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(dbnames,".info"); Finfo=fopen(dbnames,"w"); assert(Finfo!=NULL); data/palp-2.20/Subdb.c:49:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). strcat(dbnames,".info"); Finfo=fopen(dbnames,"w"); assert(Finfo!=NULL); data/palp-2.20/Subdb.c:89:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char ext[4]={'v',0,0,0}; data/palp-2.20/Subdb.c:91:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). strcpy(fx,ext); Fv=fopen(dbnames,"wb"); assert(Fv!=NULL); data/palp-2.20/Subdb.c:102:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(fx,"sl"); Fsl=fopen(dbnames,"wb"); data/palp-2.20/Subdb.c:102:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { strcpy(fx,"sl"); Fsl=fopen(dbnames,"wb"); data/palp-2.20/Subdb.c:130:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(dbname,".info"); data/palp-2.20/Subdb.c:134:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DB->Finfo=fopen(dbname,"r"); data/palp-2.20/Subdb.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[4]={'v',0,0,0}; data/palp-2.20/Subdb.c:169:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DB->Fv[v]=fopen(dbname,"rb"); data/palp-2.20/Subdb.c:215:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Aux_poly[BLOCK_LENGTH*NUC_Nmax]; data/palp-2.20/Subdb.c:253:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ucI[NUC_Nmax],ucA[NUC_Nmax],*ucSL=NULL,*uc;int SLp[SL_Nmax]; data/palp-2.20/Subdb.c:262:46: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info"); data/palp-2.20/Subdb.c:266:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(FI=fopen(Ifn,"r"))) {printf("Cannot open %s",Ifn);exit(0);} data/palp-2.20/Subdb.c:267:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(FA=fopen(polya,"rb"))){printf("Cannot open %s",polya);exit(0);} data/palp-2.20/Subdb.c:283:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Ifx,".sl"); if(IslNF) assert(NULL != (FI=fopen(Ifn,"rb"))); data/palp-2.20/Subdb.c:283:54: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). strcpy(Ifx,".sl"); if(IslNF) assert(NULL != (FI=fopen(Ifn,"rb"))); data/palp-2.20/Subdb.c:341:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
{ char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; vxt[3]=v%10+'0'; data/palp-2.20/Subdb.c:341:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; vxt[3]=v%10+'0'; data/palp-2.20/Subdb.c:345:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(FI=fopen(Ifn,"rb"))){printf("Ifn %s failed",Ifn);exit(0);} data/palp-2.20/Subdb.c:346:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). } if(NULL==(FO=fopen(Ofn,"wb"))){printf("Ofn %s failed",Ofn);exit(0);} data/palp-2.20/Subdb.c:400:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(Ofx,".sl"); assert(NULL != (FO=fopen(Ofn,"wb"))); data/palp-2.20/Subdb.c:400:46: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { strcpy(Ofx,".sl"); assert(NULL != (FO=fopen(Ofn,"wb"))); data/palp-2.20/Subdb.c:413:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Ofx,".info"); assert(NULL != (FO=fopen(Ofn,"w"))); data/palp-2.20/Subdb.c:413:46: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). strcpy(Ofx,".info"); assert(NULL != (FO=fopen(Ofn,"w"))); data/palp-2.20/Subdb.c:439:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static int n, V, NU; static unsigned char UC[NUC_Nmax]; if(n) data/palp-2.20/Subdb.c:445:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static int n, V, NU; static unsigned char UC[NUC_Nmax]; if(n) data/palp-2.20/Subdb.c:480:4: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F=fopen(polyi,"rb"); if(F==NULL) {puts("File not found");exit(0);} data/palp-2.20/Subdb.c:513:47: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info"); data/palp-2.20/Subdb.c:514:4: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F=fopen(Ifn,"r"); if(F==NULL) {puts("Info File not found");exit(0);} data/palp-2.20/Subdb.c:554:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(Ifx,".sl"); fclose(F); data/palp-2.20/Subdb.c:555:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(F=fopen(Ifn,"rb"))){printf("Open %s failed",Ifn);exit(0);} data/palp-2.20/Subdb.c:558:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char uc[NUC_Nmax]; v=fgetc(F); assert(v<=VERT_Nmax); data/palp-2.20/Subdb.c:576:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; vxt[3]=v%10+'0'; data/palp-2.20/Subdb.c:576:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; vxt[3]=v%10+'0'; data/palp-2.20/Subdb.c:578:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(F=fopen(Ifn,"rb"))){printf("Ifn %s failed",Ifn);exit(0);} data/palp-2.20/Subdb.c:581:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char uc[NUC_Nmax]; for(i=0;i<L.NFnum[v][nu];i++) data/palp-2.20/Subdb.c:599:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; vxt[3]=v%10+'0'; data/palp-2.20/Subdb.c:599:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; vxt[3]=v%10+'0'; data/palp-2.20/Subdb.c:601:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if(NULL==(F=fopen(Ifn,"rb"))){printf("Ifn %s failed",Ifn);exit(0);} data/palp-2.20/Subdb.c:604:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char uc[NUC_Nmax]; for(i=0;i<L.NFnum[v][nu];i++) data/palp-2.20/Subdb.c:632:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { FILE *FI=fopen(polyi,"rb"), *FS, *FO=fopen(polyo,"wb"); data/palp-2.20/Subdb.c:632:43: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { FILE *FI=fopen(polyi,"rb"), *FS, *FO=fopen(polyo,"wb"); data/palp-2.20/Subdb.c:635:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ucI[NUC_Nmax], ucS[NUC_Nmax], *ucSL, *uc; int SLp[SL_Nmax]; data/palp-2.20/Subdb.c:656:27: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
Sfx=&Sfn[strlen(dbsub)]; strcpy(Sfx,".info"); FS=fopen(Sfn,"r"); data/palp-2.20/Subdb.c:656:52: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Sfx=&Sfn[strlen(dbsub)]; strcpy(Sfx,".info"); FS=fopen(Sfn,"r"); data/palp-2.20/Subdb.c:673:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { if(NULL==(FS=fopen(polys,"rb"))) data/palp-2.20/Subdb.c:695:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(Sfx,".sl"); fclose(FS); data/palp-2.20/Subdb.c:696:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(FS=fopen(Sfn,"rb"))){printf("Open %s failed",Sfn);exit(0);} data/palp-2.20/Subdb.c:745:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; data/palp-2.20/Subdb.c:745:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; data/palp-2.20/Subdb.c:747:48: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). assert(!ferror(FS));fclose(FS); if(NULL==(FS=fopen(Sfn,"rb"))) data/palp-2.20/Subdb.c:789:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; data/palp-2.20/Subdb.c:789:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; data/palp-2.20/Subdb.c:791:48: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). assert(!ferror(FS));fclose(FS); if(NULL==(FS=fopen(Sfn,"rb"))) data/palp-2.20/Subdb.c:832:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; data/palp-2.20/Subdb.c:832:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { char vxt[5]; strcpy(vxt,".v"); vxt[2]=v/10+'0'; data/palp-2.20/Subdb.c:834:48: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). assert(!ferror(FS));fclose(FS); if(NULL==(FS=fopen(Sfn,"rb"))) data/palp-2.20/Subdb.c:904:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { FILE *F=fopen(polyi,"rb"); FInfoList L; UPint list_num,tNF=0; Along tNB=0; data/palp-2.20/Subdb.c:906:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uc[POLY_Dmax*VERT_Nmax]; VertexNumList V; EqList E; data/palp-2.20/Subdb.c:962:46: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info"); data/palp-2.20/Subdb.c:963:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
F=fopen(Ifn,"r"); if(F==NULL) {puts("Info File not found");exit(0);} data/palp-2.20/Subdb.c:969:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(Ifx,".sl"); fclose(F); data/palp-2.20/Subdb.c:970:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(NULL==(F=fopen(Ifn,"rb"))){printf("Open %s failed",Ifn);exit(0);} data/palp-2.20/Subdb.c:979:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { int I,J; unsigned char uc[NUC_Nmax]; v=fgetc(F); assert(v<=VERT_Nmax); data/palp-2.20/Subdb.c:1032:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uc_poly[NUC_Nmax]; data/palp-2.20/Subdb.c:1049:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(dbname,".info"); data/palp-2.20/Subdb.c:1050:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(dbhname,".vinfo"); data/palp-2.20/Subdb.c:1053:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Fvinfo=fopen(dbhname,"a"); data/palp-2.20/Subdb.c:1058:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DB.Finfo=fopen(dbname,"r"); data/palp-2.20/Subdb.c:1087:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[4], aext[8]; data/palp-2.20/Subdb.c:1094:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DB.Fv[v]=fopen(dbname,"rb"); data/palp-2.20/Subdb.c:1114:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Faux[dh]=fopen(dbhname,"ab"); } data/palp-2.20/Subdb.c:1162:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat(dbaname,".vinfo");
data/palp-2.20/Subdb.c:1164:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(dbhname,".hinfo");
data/palp-2.20/Subdb.c:1171:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fvinfo=fopen(dbaname,"r");
data/palp-2.20/Subdb.c:1186:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fhinfo=fopen(dbhname,"w");
data/palp-2.20/Subdb.c:1191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aext[8], hext[9];
data/palp-2.20/Subdb.c:1205:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fchia=fopen(dbaname,"rb");
data/palp-2.20/Subdb.c:1211:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fh[h12]=fopen(dbhname,"wb");
data/palp-2.20/Subdb.c:1260:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filename,".hinfo");
data/palp-2.20/Subdb.c:1266:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fhinfo=fopen(filename,"r");
data/palp-2.20/Subdb.c:1285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hext[9];
data/palp-2.20/Subdb.c:1297:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fh=fopen(filename,"rb");
data/palp-2.20/Subdb.c:1325:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uc_poly[NUC_Nmax];
data/palp-2.20/Subdb.c:1396:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filename,".hinfo");
data/palp-2.20/Subdb.c:1402:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fhinfo=fopen(filename,"r");
data/palp-2.20/Subdb.c:1436:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fh=fopen(filename,"rb");
data/palp-2.20/Subdb.c:1468:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(com,"M:%d %d N:%d %d H:%d,%d [%d]",
data/palp-2.20/Subdb.c:1475:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(com,"M:%d %d N:%d %d H:%d,%d [%d]",
data/palp-2.20/Subdb.c:1492:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *Ft=fopen(filename,"rb");
data/palp-2.20/Subdb.c:1493:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uc_poly[NUC_Nmax];
data/palp-2.20/Subdb.c:1515:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { int i,j,v,nu; DataBase *DB; char *dbname,*fx,ext[4];
data/palp-2.20/Subdb.c:1519:27: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcpy(dbname,dbin); strcat(dbname,".info"); fx=&dbname[strlen(dbin)+1];
data/palp-2.20/Subdb.c:1521:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  DB->Finfo=fopen(dbname,"r"); assert(DB->Finfo!=NULL);
data/palp-2.20/Subdb.c:1539:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  DB->Fv[v]=fopen(dbname,"rb"); assert(DB->Fv[v]!=NULL);
data/palp-2.20/Subdb.c:1596:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static unsigned char uc[NUC_Nmax]; static int ms3;
data/palp-2.20/Subdb.c:1812:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { FILE *F=fopen(polyi,"rb"); FInfoList L; UPint list_num,tNF=0; Along tNB=0;
data/palp-2.20/Subdb.c:1814:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uc[POLY_Dmax*VERT_Nmax]; VertexNumList V; EqList E;
data/palp-2.20/Subdb.c:1865:46: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info");
data/palp-2.20/Subdb.c:1866:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  F=fopen(Ifn,"r"); if(F==NULL) {puts("Info File not found");exit(0);}
data/palp-2.20/Subdb.c:1872:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  { strcpy(Ifx,".sl"); fclose(F);
data/palp-2.20/Subdb.c:1873:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(NULL==(F=fopen(Ifn,"rb"))){printf("Open %s failed",Ifn);exit(0);}
data/palp-2.20/Subdb.c:1886:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { int I,J; unsigned char uc[NUC_Nmax]; v=fgetc(F); assert(v<=VERT_Nmax);
data/palp-2.20/Subpoly.c:1142:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uc_poly[NUC_Nmax];
data/palp-2.20/Subpoly.c:1154:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[4]={'v',0,0,0};
data/palp-2.20/Subpoly.c:1158:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbfile=fopen(dbname,"rb");
data/palp-2.20/Subpoly.h:96:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nV, nNUC[VERT_Nmax+1], nVmax, NUCmax;
data/palp-2.20/Subpoly.h:98:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *NF[VERT_Nmax+1][NUC_Nmax],*NFli;} FInfoList;
data/palp-2.20/Vertex.c:534:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  {time_t DATE2=time(NULL); char sm[2]={'s',0};
data/palp-2.20/class.c:282:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oFlag=atoi(&fn[n][2]);
data/palp-2.20/class.c:288:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(fn[n][2]=='f') vf=atoi((fn[n][3]) ? &fn[n][3] : fn[++n]);
data/palp-2.20/class.c:289:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(fn[n][2]=='t') vt=atoi((fn[n][3]) ? &fn[n][3] : fn[++n]);}
data/palp-2.20/class.c:298:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { if (narg > ++n) inFILE=fopen(fn[n],"r"); else inFILE=stdin;
data/palp-2.20/class.c:300:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (narg > ++n) outFILE=fopen(fn[n],"w"); else outFILE=stdout;
data/palp-2.20/cws.c:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *opt_string[OSL]={
data/palp-2.20/cws.c:386:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(POLY_Dmax<(d=atoi(c))){printf("Increase POLY_Dmax to %d\n",d);exit(0);}
data/palp-2.20/cws.c:390:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c=&fn[n][2]; r2=atoi(c);}
data/palp-2.20/cws.c:441:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(POLY_Dmax<(d=atoi(c))){printf("Increase POLY_Dmax to %d\n",d);exit(0);}
data/palp-2.20/cws.c:443:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { L=atoi(fn[n]); assert(++n<narg); assert(IsDigit(fn[n][0]));
data/palp-2.20/cws.c:444:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  H=atoi(fn[n]); assert(L<=H); n++;
data/palp-2.20/cws.c:461:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(POLY_Dmax<(d=atoi(c))){printf("Increase POLY_Dmax to %d\n",d);exit(0);}
data/palp-2.20/cws.c:463:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  L=atoi(fn[n]); assert(++n<narg); assert(IsDigit(fn[n][0]));
data/palp-2.20/cws.c:464:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  H=atoi(fn[n]); assert(L<=H); n++; }
data/palp-2.20/cws.c:480:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { inFILE=fopen(fn[2],"r"); assert(NULL!=inFILE);
data/palp-2.20/cws.c:481:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(narg>3) {outFILE=fopen(fn[3],"w"); assert(NULL!=outFILE);}
data/palp-2.20/cws.c:497:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(POLY_Dmax<(d=atoi(c))){printf("Increase POLY_Dmax to %d\n",d);exit(0);}
data/palp-2.20/cws.c:672:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { int t=Trans_Check(W); char c[5]=" rt"; if(t||!tFlag) {c[3]=(t)?'t':0;
data/palp-2.20/cws.c:1034:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((AUXFILE1 = tmpfile()) == NULL)
data/palp-2.20/cws.c:1036:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((AUXFILE2 = tmpfile()) == NULL)
data/palp-2.20/cws.c:1043:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(outfile, "w")) == NULL){
data/palp-2.20/cws.c:1067:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(outfile, "w")) == NULL){
data/palp-2.20/cws.c:1081:22: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((AUXFILE[i] = tmpfile()) == NULL)
data/palp-2.20/cws.c:1086:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(outfile, "w")) == NULL){
data/palp-2.20/cws.c:1101:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((AUXFILE[0]=tmpfile())==NULL)Die("Unable to open tmpfile for read/write");
data/palp-2.20/cws.c:1102:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((AUXFILE[1]=tmpfile())==NULL)Die("Unable to open tmpfile for read/write");
data/palp-2.20/cws.c:1109:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(outfile, "w")) == NULL){
data/palp-2.20/cws.c:1125:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((w2FILE = tmpfile())==NULL) Die("Unable to open tmpfile for read/write");
data/palp-2.20/cws.c:1126:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((w3FILE = tmpfile())==NULL) Die("Unable to open tmpfile for read/write");
data/palp-2.20/cws.c:1127:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((w4FILE = tmpfile())==NULL) Die("Unable to open tmpfile for read/write");
data/palp-2.20/cws.c:1134:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  /*outfile="2x2x2"*/; mk2xxx(outfile, atoi("3"));
data/palp-2.20/cws.c:1144:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  /*outfile="2x2x2x2";*/ mk2xxx(outfile, atoi("4"));
data/palp-2.20/cws.c:1313:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((INfile[i] = fopen(infile[i], "r"))== NULL){
data/palp-2.20/cws.c:1589:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *infile[NFmax] = {NULL}, *outfile = NULL, *a;
data/palp-2.20/cws.c:1602:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  d = atoi(a);
data/palp-2.20/cws.c:1607:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nF = atoi(a);
data/palp-2.20/cws.c:1626:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  t.u[0] = atoi(a); t.nu = 1;
data/palp-2.20/cws.c:1631:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  assert(t.nu < NFmax); t.u[t.nu] = atoi(a); t.nu++;
data/palp-2.20/cws.c:1643:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(outfile, "w")) == NULL){
data/palp-2.20/cws.c:1647:22: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if((AUXFILE[i] = tmpfile()) == NULL)
data/palp-2.20/cws.c:1649:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((INFILE[i] = fopen(infile[i], "r"))==NULL)
data/palp-2.20/cws.c:1715:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((rwFILE = fopen(file, m)) == NULL){
data/palp-2.20/cws.c:1753:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((inFILE = fopen(fn[n], "r")) == NULL){
data/palp-2.20/cws.c:1759:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(fn[n], "w")) == NULL){
data/palp-2.20/cws.c:1831:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *infile[2] = {NULL}, *outfile = NULL, *a;
data/palp-2.20/cws.c:1852:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x=atoi(a);}
data/palp-2.20/cws.c:1864:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((INFILE[i] = fopen(infile[i], "r"))==NULL)
data/palp-2.20/cws.c:1868:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((outFILE = fopen(outfile, "w")) == NULL){
data/palp-2.20/cws.c:1882:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100];
data/palp-2.20/cws.c:1883:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command,"rm zzL.tmp");
data/palp-2.20/cws.c:1885:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFILE=fopen("zzL.tmp","w");
data/palp-2.20/cws.c:1896:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100];
data/palp-2.20/cws.c:1897:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command,"count zzL.tmp | grep '*' | awk '{print $7}' > zzL.tmp1");
data/palp-2.20/cws.c:1900:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  system(command);outFILE=fopen("zzL.tmp1","r");
data/palp-2.20/lgotwist.c:851:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 't': c=(fn[n][2]) ? &fn[n][2] : fn[++n]; t=atoi(c); n++; break;
data/palp-2.20/lgotwist.c:853:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g=atoi(c); n++; break;
data/palp-2.20/lgotwist.c:855:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a=atoi(c); n++; break;
data/palp-2.20/lgotwist.c:857:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  b=atoi(c); n++; break;
data/palp-2.20/lgotwist.c:858:56: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  case 'i': c=(fn[n][2]) ? &fn[n][2] : fn[++n]; infi=fopen(c,"r");
data/palp-2.20/lgotwist.c:860:57: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  case 'o': c=(fn[n][2]) ? &fn[n][2] : fn[++n]; outfi=fopen(c,"w");
data/palp-2.20/mori.c:148:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (narg > ++n) inFILE=fopen(fn[n],"r");
data/palp-2.20/mori.c:153:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (narg > ++n) outFILE=fopen(fn[n],"w");
data/palp-2.20/nef.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *opt_string[OSL]={
data/palp-2.20/nef.c:107:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(a);
data/palp-2.20/nef.c:206:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  F.gd = atoi(&fn[n][2]);
data/palp-2.20/nef.c:212:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  F.dd = atoi(&fn[n][2]);
data/palp-2.20/nef.c:255:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFILE = fopen(fn[n], "r");
data/palp-2.20/nef.c:263:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFILE = fopen(fn[n], "w");
data/palp-2.20/poly.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *opt_string[OSL]={
data/palp-2.20/poly.c:155:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (narg > ++n) inFILE=fopen(fn[n],"r");
data/palp-2.20/poly.c:158:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (narg > ++n) outFILE=fopen(fn[n],"w");
data/palp-2.20/poly.c:232:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char divi[99]; Long g=Divisibility_Index(_P,&V);
data/palp-2.20/poly.c:233:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(g>1){sprintf(divi,"divisible by factor=%ld",g); Print_VL(_P,&V,divi);}}
data/palp-2.20/Coord.c:17:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char c; c=fgetc(inFILE); ungetc(c,inFILE);
data/palp-2.20/Coord.c:84:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { c[n]=fgetc(inFILE); if(feof(inFILE)) return 0; if(c[n]=='\n') break;
data/palp-2.20/Coord.c:141:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '==(c=fgetc(inFILE )));
data/palp-2.20/Coord.c:150:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while('\n'!=fgetc(inFILE)); /* read to end of line */
data/palp-2.20/Coord.c:169:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(fgetc(inFILE )-'\n') if(feof(inFILE)) return 0;/* read to EOL */
data/palp-2.20/Coord.c:237:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '==(c=fgetc(inFILE )));
data/palp-2.20/Coord.c:246:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while('\n'!=fgetc(inFILE)); /* read to end of line */
data/palp-2.20/Coord.c:265:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(fgetc(inFILE )-'\n') if(feof(inFILE)) return 0;/* read to EOL */
data/palp-2.20/Coord.c:287:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '==(c=fgetc(inFILE )));
data/palp-2.20/LG.c:39:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  C=fgetc(inFILE); if( !IsDigit(C) ) return 0; ungetc(C,inFILE); *nz=0;
data/palp-2.20/LG.c:42:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { while(' '==(C=fgetc(inFILE))); ungetc(C,inFILE);
data/palp-2.20/LG.c:51:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { c[n]=fgetc(inFILE);
data/palp-2.20/LG.c:195:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c=fgetc(inFILE); if( !IsDigit(c) ) return 0; ungetc(c,inFILE);
data/palp-2.20/LG.c:198:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { while(' '==(c=fgetc(inFILE))); ungetc(c,inFILE);
data/palp-2.20/LG.c:200:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } while(fgetc(inFILE )-'\n') if(feof(inFILE))return 0; /* read to EOL */
data/palp-2.20/MoriCone.c:1475:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while('\n'!=(c=fgetc(inFILE))) if(feof(inFILE))FE("EOF");
data/palp-2.20/MoriCone.c:1479:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { int n; char c=fgetc(inFILE); if(!IsDigit(c)&&(c!='-')) FE("ReadInt");
data/palp-2.20/MoriCone.c:1481:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '==(c=fgetc(inFILE)));
data/palp-2.20/MoriCone.c:1489:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '==(c=fgetc(inFILE)));
data/palp-2.20/MoriCone.c:1491:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(IsDigit(c=fgetc(inFILE))) {assert(c<'2'); X=Inci64_PN(X,'1'-c); p--;}
data/palp-2.20/SingularInput.c:554:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(SingularCall)<50+L_tmpnam);
data/palp-2.20/Subadd.c:182:55: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
{ int i,j,v; unsigned tli=0; Along tNF=0,tNB=0; *d=fgetc(F); data/palp-2.20/Subadd.c:184:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FI->nV=fgetc(F); FI->nVmax=fgetc(F); FI->NUCmax=fgetc(F); data/palp-2.20/Subadd.c:184:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FI->nV=fgetc(F); FI->nVmax=fgetc(F); FI->NUCmax=fgetc(F); data/palp-2.20/Subadd.c:184:54: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FI->nV=fgetc(F); FI->nVmax=fgetc(F); FI->NUCmax=fgetc(F); data/palp-2.20/Subadd.c:189:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); tli+=(FI->nNUC[v]=fgetc(F)); data/palp-2.20/Subadd.c:189:38: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); tli+=(FI->nNUC[v]=fgetc(F)); data/palp-2.20/Subadd.c:191:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { unsigned nu, nnb=FI->NFnum[v][nu=fgetc(F)]=fgetUI(F); data/palp-2.20/Subadd.c:199:32: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Init_FInfoList(FI); L->rd=fgetc(F); if(128<=(L->rd)) data/palp-2.20/Subadd.c:200:52: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { assert((L->rd-=128)<7); L->rd = 128*L->rd + fgetc(F); /* DirtyFix rd */ data/palp-2.20/Subadd.c:202:35: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for(i=0;i<L->rd;i++) L->b[i]=fgetc(F); data/palp-2.20/Subadd.c:218:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
FI->NFli[pos++]=fgetc(F); data/palp-2.20/Subadd.c:229:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). L->NewNF[pos++]=fgetc(F); L->NewNF[pos++]=fgetc(F); data/palp-2.20/Subadd.c:229:44: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). L->NewNF[pos++]=fgetc(F); L->NewNF[pos++]=fgetc(F); data/palp-2.20/Subadd.c:230:45: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for(j=0;j<C[1];j++) L->NewNF[pos++]=fgetc(F); data/palp-2.20/Subadd.c:252:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int NCalloc=strlen(L->oname)+strlen(SAVE_FILE_EXT)+ (USE_TMP_DIR ? 6 : 1); data/palp-2.20/Subadd.c:252:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int NCalloc=strlen(L->oname)+strlen(SAVE_FILE_EXT)+ (USE_TMP_DIR ? 6 : 1); data/palp-2.20/Subadd.c:264:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). {char *Mfn=(char *) malloc(1+strlen(L->oname)+strlen(MOVE_SAVE_FILE)); data/palp-2.20/Subadd.c:264:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). {char *Mfn=(char *) malloc(1+strlen(L->oname)+strlen(MOVE_SAVE_FILE)); data/palp-2.20/Subadd.c:420:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int NCalloc=strlen(S->oname)+strlen(SAVE_FILE_EXT)+ (USE_TMP_DIR ? 
6 : 1); data/palp-2.20/Subadd.c:420:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int NCalloc=strlen(S->oname)+strlen(SAVE_FILE_EXT)+ (USE_TMP_DIR ? 6 : 1); data/palp-2.20/Subadd.c:423:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *tmpfn = (char *) malloc(1+strlen(S->oname)+4); data/palp-2.20/Subadd.c:1091:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { int i; *v=fgetc(F); *nu=fgetc(F); for(i=0;i<*nu;i++) uc[i]=fgetc(F); data/palp-2.20/Subadd.c:1091:30: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { int i; *v=fgetc(F); *nu=fgetc(F); for(i=0;i<*nu;i++) uc[i]=fgetc(F); data/palp-2.20/Subadd.c:1091:65: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { int i; *v=fgetc(F); *nu=fgetc(F); for(i=0;i<*nu;i++) uc[i]=fgetc(F); data/palp-2.20/Subadd.c:1094:38: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { int i; for(i=0;i<*nu;i++) uc[i]=fgetc(F); data/palp-2.20/Subadd.c:1138:34: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(ucSL!=NULL); assert(!fgetc(FI)); assert(!fgetc(FA)); data/palp-2.20/Subadd.c:1138:54: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(ucSL!=NULL); assert(!fgetc(FI)); assert(!fgetc(FA)); data/palp-2.20/Subdb.c:40:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
{ char *dbnames = (char *) malloc(1+strlen(dbo)+File_Ext_NCmax), *fx; data/palp-2.20/Subdb.c:48:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(dbnames,dbo); fx=&dbnames[strlen(dbo)+1]; data/palp-2.20/Subdb.c:53:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); assert(d==0); /* for(i=0;i<d;i++) fgetc(F); */ data/palp-2.20/Subdb.c:56:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:56:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:56:41: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:56:60: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:62:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); L.nNUC[v]=fgetc(F); /* read #nuc's per #Vert */ data/palp-2.20/Subdb.c:62:31: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); L.nNUC[v]=fgetc(F); /* read #nuc's per #Vert */ data/palp-2.20/Subdb.c:64:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ L.NFnum[v][nu=fgetc(F)]=fgetUI(F); /* read nuc and #NF(v,nu)*/ data/palp-2.20/Subdb.c:95:40: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for(i=0;i<vnuNB;i++) fputc(fgetc(F),Fv); data/palp-2.20/Subdb.c:103:55: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(Fsl!=NULL); for(i=0;i<sl_NB;i++) fputc(fgetc(F),Fsl); data/palp-2.20/Subdb.c:123:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dbname = (char *) malloc(1+strlen(_NFL->dbname)+File_Ext_NCmax), *fx; data/palp-2.20/Subdb.c:131:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fx=&dbname[strlen(_NFL->dbname)+1]; data/palp-2.20/Subdb.c:178:52: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (j=0; j<nu; j++) DB->RAM_NF[RAM_pos++]=fgetc(DB->Fv[v]); } data/palp-2.20/Subdb.c:240:53: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (i=0;i<(*nuc)*(max_Fv_piece);i++) Aux_poly[i]=fgetc(DB->Fv[*nv]); data/palp-2.20/Subdb.c:257:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int AmI=00,ms, newout=strcmp(dbi,dbo) && (*dbo),j=1+strlen(SAVE_FILE_EXT); data/palp-2.20/Subdb.c:258:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *Ifx, *Ifn = (char *) malloc(j+strlen(dbi)+File_Ext_NCmax), *Ofx, data/palp-2.20/Subdb.c:259:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *Ofn = (char *) malloc(j+strlen(newout ? dbo : dbi)+File_Ext_NCmax); data/palp-2.20/Subdb.c:262:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info"); data/palp-2.20/Subdb.c:264:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(Ofn,dbo); Ofx=&Ofn[strlen(dbo)]; data/palp-2.20/Subdb.c:281:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(!fgetc(FA)); /* rd==0 (recursion depth::no aux-file) */ data/palp-2.20/Subdb.c:473:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *Ifx=NULL, *Ifn = (char *) malloc(1+strlen(dbi)+File_Ext_NCmax); data/palp-2.20/Subdb.c:483:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd=fgetc(F); if(rd>127) rd=128*(rd-128)+fgetc(F); data/palp-2.20/Subdb.c:483:46: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd=fgetc(F); if(rd>127) rd=128*(rd-128)+fgetc(F); data/palp-2.20/Subdb.c:485:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for(i=0;i<rd;i++) printf(" %d",fgetc(F)); data/palp-2.20/Subdb.c:488:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:488:24: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:488:42: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:488:61: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:496:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); L.nNUC[v]=fgetc(F); data/palp-2.20/Subdb.c:496:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); L.nNUC[v]=fgetc(F); data/palp-2.20/Subdb.c:500:31: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { L.NFnum[v][nu=fgetc(F)]=fgetUI(F); /* read nuc and #NF(v,nu)*/ data/palp-2.20/Subdb.c:513:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info"); data/palp-2.20/Subdb.c:558:38: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { unsigned char uc[NUC_Nmax]; v=fgetc(F); assert(v<=VERT_Nmax); data/palp-2.20/Subdb.c:559:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
nu=fgetc(F); /* assert(nu<=L.NUCmax); */ data/palp-2.20/Subdb.c:640:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char *) malloc(1+strlen(dbsub)+File_Ext_NCmax); data/palp-2.20/Subdb.c:656:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sfx=&Sfn[strlen(dbsub)]; strcpy(Sfx,".info"); FS=fopen(Sfn,"r"); data/palp-2.20/Subdb.c:675:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(fgetc(FS)) {puts("don't subtract aux files!");exit(0);} data/palp-2.20/Subdb.c:680:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(FI); if(d>127) d=128*(d-128)+fgetc(FI); Init_FInfoList(&FIi); data/palp-2.20/Subdb.c:680:43: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(FI); if(d>127) d=128*(d-128)+fgetc(FI); Init_FInfoList(&FIi); data/palp-2.20/Subdb.c:683:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for(i=0;i<d;i++) {j=fgetc(FI); fputc(j,FO);} data/palp-2.20/Subdb.c:910:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); assert(d==0); /* for(i=0;i<d;i++) fgetc(F); */ data/palp-2.20/Subdb.c:911:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:911:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:911:41: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:911:60: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F); data/palp-2.20/Subdb.c:917:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); L.nNUC[v]=fgetc(F); /* read #nuc's per #Vert */ data/palp-2.20/Subdb.c:917:31: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { v=fgetc(F); L.nNUC[v]=fgetc(F); /* read #nuc's per #Vert */ data/palp-2.20/Subdb.c:919:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { L.NFnum[v][nu=fgetc(F)]=fgetUI(F); /* read nuc and #NF(v,nu)*/ data/palp-2.20/Subdb.c:926:37: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { for(s=0;s<nu;s++) uc[s]=fgetc(F); data/palp-2.20/Subdb.c:959:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *Ifx, *Ifn = (char *) malloc(1+strlen(dbi)+File_Ext_NCmax); data/palp-2.20/Subdb.c:962:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info"); data/palp-2.20/Subdb.c:979:48: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ int I,J; unsigned char uc[NUC_Nmax]; v=fgetc(F); assert(v<=VERT_Nmax); data/palp-2.20/Subdb.c:980:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nu=fgetc(F); AuxGet_uc(F,&nu,uc); assert(!ferror(F)); data/palp-2.20/Subdb.c:1030:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dbname = (char *) malloc(1+strlen(dbin)+File_Ext_NCmax), *fx; data/palp-2.20/Subdb.c:1031:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dbhname = (char *) malloc(6+strlen(dbout)+File_Ext_NCmax), *fhx; data/palp-2.20/Subdb.c:1051:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fx=&dbname[strlen(dbin)+1]; data/palp-2.20/Subdb.c:1052:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fhx=&dbhname[strlen(dbout)+1]; data/palp-2.20/Subdb.c:1100:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (j=0; j<nu; j++) uc_poly[j]=fgetc(DB.Fv[v]); data/palp-2.20/Subdb.c:1147:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dbaname = (char *) malloc(6+strlen(dbaux)+File_Ext_NCmax), *fax; data/palp-2.20/Subdb.c:1149:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char *) malloc(6+strlen(*dbout ? 
dbout : dbaux)+File_Ext_NCmax), *fhx; data/palp-2.20/Subdb.c:1165:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fhx=&dbhname[strlen(dbout)+1]; data/palp-2.20/Subdb.c:1166:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fax=&dbaname[strlen(dbaux)+1]; data/palp-2.20/Subdb.c:1207:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). h12=fgetc(Fchia); data/palp-2.20/Subdb.c:1214:4: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(Fchia); fputc(c,Fh[h12]); data/palp-2.20/Subdb.c:1218:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (j=0;j<3;j++) fputc(fgetc(Fchia),Fh[h12]); data/palp-2.20/Subdb.c:1219:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nuc=fgetc(Fchia); fputc(nuc,Fh[h12]); data/palp-2.20/Subdb.c:1220:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(Fchia); data/palp-2.20/Subdb.c:1223:40: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (j=0;j<nuc%64-1;j++) fputc(fgetc(Fchia),Fh[h12]);} data/palp-2.20/Subdb.c:1249:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *filename = (char *) malloc(6+strlen(dbname)+File_Ext_NCmax), *fhx; data/palp-2.20/Subdb.c:1261:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fhx=&filename[strlen(dbname)+1]; data/palp-2.20/Subdb.c:1299:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c1=fgetc(Fh))!=EOF){ data/palp-2.20/Subdb.c:1301:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). /* c2= */ fgetc(Fh); data/palp-2.20/Subdb.c:1303:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Fh); /* c2= */ fgetc(Fh); data/palp-2.20/Subdb.c:1303:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Fh); /* c2= */ fgetc(Fh); data/palp-2.20/Subdb.c:1305:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Fh); data/palp-2.20/Subdb.c:1308:40: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (j=0;j<nuc;j++) /* uc_poly[j]= */ fgetc(Fh); data/palp-2.20/Subdb.c:1324:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *filename = (char *) malloc(6+strlen(dbname)+File_Ext_NCmax), *fhx; data/palp-2.20/Subdb.c:1397:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fhx=&filename[strlen(dbname)+1]; data/palp-2.20/Subdb.c:1438:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while((c1=fgetc(Fh))!=EOF){ data/palp-2.20/Subdb.c:1441:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c2=fgetc(Fh); data/palp-2.20/Subdb.c:1443:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Fh); c2=fgetc(Fh); data/palp-2.20/Subdb.c:1443:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Fh); c2=fgetc(Fh); data/palp-2.20/Subdb.c:1445:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Fh); data/palp-2.20/Subdb.c:1448:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (j=0;j<nuc;j++) uc_poly[j]=fgetc(Fh); data/palp-2.20/Subdb.c:1497:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c1=fgetc(Ft))!=EOF){ data/palp-2.20/Subdb.c:1498:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c2=fgetc(Ft); data/palp-2.20/Subdb.c:1500:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Ft); c2=fgetc(Ft); data/palp-2.20/Subdb.c:1500:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Ft); c2=fgetc(Ft); data/palp-2.20/Subdb.c:1502:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1=fgetc(Ft); data/palp-2.20/Subdb.c:1504:36: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  for (j=0;j<nuc;j++) uc_poly[j]=fgetc(Ft);
data/palp-2.20/Subdb.c:1517:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dbname = (char *) malloc(1+strlen(dbin)+File_Ext_NCmax);
data/palp-2.20/Subdb.c:1519:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(dbname,dbin); strcat(dbname,".info"); fx=&dbname[strlen(dbin)+1];
data/palp-2.20/Subdb.c:1818:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d=fgetc(F); assert(d==0); /* for(i=0;i<d;i++) fgetc(F); */
data/palp-2.20/Subdb.c:1819:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F);
data/palp-2.20/Subdb.c:1819:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F);
data/palp-2.20/Subdb.c:1819:41: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F);
data/palp-2.20/Subdb.c:1819:60: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d=fgetc(F); L.nV=fgetc(F); L.nVmax=fgetc(F); L.NUCmax=fgetc(F);
data/palp-2.20/Subdb.c:1825:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { v=fgetc(F); L.nNUC[v]=fgetc(F); /* read #nuc's per #Vert */
data/palp-2.20/Subdb.c:1825:31: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { v=fgetc(F); L.nNUC[v]=fgetc(F); /* read #nuc's per #Vert */
data/palp-2.20/Subdb.c:1827:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { L.NFnum[v][nu=fgetc(F)]=fgetUI(F); /* read nuc and #NF(v,nu)*/
data/palp-2.20/Subdb.c:1834:37: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { for(s=0;s<nu;s++) uc[s]=fgetc(F);
data/palp-2.20/Subdb.c:1862:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *Ifx, *Ifn = (char *) malloc(1+strlen(dbi)+File_Ext_NCmax);
data/palp-2.20/Subdb.c:1865:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(Ifn,dbi); Ifx=&Ifn[strlen(dbi)]; strcpy(Ifx,".info");
data/palp-2.20/Subdb.c:1886:48: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { int I,J; unsigned char uc[NUC_Nmax]; v=fgetc(F); assert(v<=VERT_Nmax);
data/palp-2.20/Subdb.c:1887:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nu=fgetc(F); AuxGet_uc(F,&nu,uc); assert(!ferror(F));
data/palp-2.20/Subpoly.c:1141:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *dbname = (char *) malloc(1+strlen(dbin)+File_Ext_NCmax), *fx;
data/palp-2.20/Subpoly.c:1146:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dbname,".");
data/palp-2.20/Subpoly.c:1147:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fx=&dbname[strlen(dbin)+1];
data/palp-2.20/Subpoly.c:1162:34: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (j=0; j<nu; j++) uc_poly[j]=fgetc(dbfile);
data/palp-2.20/Subpoly.c:1269:35: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int i,j,k,drop_point[POLY_Dmax],equal;
data/palp-2.20/Subpoly.c:1282:25: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  for(i=0;(i<V.nv)&&(!equal);i++){
data/palp-2.20/Subpoly.c:1284:27: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  for (j=0;(j<_P->n)&&equal;j++)
data/palp-2.20/Subpoly.c:1288:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal){
data/palp-2.20/cws.c:417:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '==(c=fgetc(inFILE )));
data/palp-2.20/cws.c:422:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while('\n'!=fgetc(inFILE)); /* read to end of line */
data/palp-2.20/lgotwist.c:167:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(' '!=(i=fgetc(infi))) if(i==EOF) return 0; else s->p[s->N++]=i-'0';
data/palp-2.20/lgotwist.c:170:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(fgetc(infi)-'\n'); return 1;
data/palp-2.20/lgotwist.c:832:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while('\n'!=(c=fgetc(infi)))if(c==EOF){puts("End of File");exit(0);}}
data/palp-2.20/nef.c:490:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(inFILE);
data/palp-2.20/nef.c:500:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (' ' == (c = fgetc(inFILE)));
data/palp-2.20/nef.c:508:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (!IsDigit(c = fgetc(inFILE)));
data/palp-2.20/nef.c:511:24: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (' ' == (c = fgetc(inFILE)));
data/palp-2.20/nef.c:515:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (fgetc(inFILE) - '\n')

ANALYSIS SUMMARY:

Hits = 477
Lines analyzed = 21626 in approximately 1.04 seconds (20881 lines/second)
Physical Source Lines of Code (SLOC) = 17441
Hits@level = [0] 1723 [1] 173 [2] 231 [3] 1 [4] 72 [5] 0
Hits@level+ = [0+] 2200 [1+] 477 [2+] 304 [3+] 73 [4+] 72 [5+] 0
Hits/KSLOC@level+ = [0+] 126.14 [1+] 27.3493 [2+] 17.4302 [3+] 4.18554 [4+] 4.1282 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
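Most of the level-1 fgetc hits above share one shape: a byte read with fgetc() becomes a count or an index (nu, v, L.nV, ...) that then drives a loop storing into a fixed-size array such as unsigned char uc[NUC_Nmax]. The check flawfinder is asking for is that the value is tested against EOF before use and against the array bound before it is used as a count. The following is an added example written for this page, not palp code; UC_MAX, the record layout and the three input byte strings are constructed stand-ins for NUC_Nmax and the database files, chosen only to show the unchecked shape beside a hardened reader that rejects an oversize count and a truncated record.

```c
/* Added example (not palp code): reading a length-prefixed record with the
 * fgetc() pattern flawfinder flags, unchecked and hardened side by side. */
#include <stdio.h>
#include <string.h>

#define UC_MAX 8   /* hypothetical fixed buffer size, standing in for NUC_Nmax */

/* Mirrors the flagged shape: a count byte read with fgetc() drives a loop
 * that stores into a fixed-size array. Neither EOF nor the bound is checked,
 * so a count byte above UC_MAX writes past uc[] (CWE-120), and EOF is stored
 * as 0xFF instead of being reported (CWE-20). Only safe on trusted input. */
int read_record_unchecked(FILE *f, unsigned char uc[UC_MAX])
{
    int nu = fgetc(f);
    for (int s = 0; s < nu; s++) uc[s] = (unsigned char)fgetc(f);
    return nu;
}

/* Hardened form. fgetc() returns int precisely so EOF can be told apart from
 * a data byte: test it before using the value as a count, reject counts the
 * buffer cannot hold, then read with the already-bounded count so a truncated
 * file is reported rather than padded with 0xFF. Returns the number of bytes
 * stored, or -1 on missing header, oversize count or short read. */
int read_record_checked(FILE *f, unsigned char uc[UC_MAX])
{
    int nu = fgetc(f);
    if (nu == EOF) return -1;                 /* header byte missing */
    if (nu > UC_MAX) return -1;               /* would overflow uc[] */
    if (fread(uc, 1, (size_t)nu, f) != (size_t)nu) return -1; /* truncated */
    return nu;
}

/* Demo helper: load a constructed byte string into a temporary FILE*. */
static FILE *file_from_bytes(const unsigned char *bytes, size_t n)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    if (fwrite(bytes, 1, n, f) != n) { fclose(f); return NULL; }
    rewind(f);
    return f;
}

/* Run one constructed record through the hardened reader; -2 = demo I/O failure. */
int parse_bytes_checked(const unsigned char *bytes, size_t n)
{
    unsigned char uc[UC_MAX];
    FILE *f = file_from_bytes(bytes, n);
    if (!f) return -2;
    int r = read_record_checked(f, uc);
    fclose(f);
    return r;
}

/* Same for the unchecked reader; call it only with well-formed input. */
int parse_bytes_unchecked(const unsigned char *bytes, size_t n)
{
    unsigned char uc[UC_MAX];
    FILE *f = file_from_bytes(bytes, n);
    if (!f) return -2;
    int r = read_record_unchecked(f, uc);
    fclose(f);
    return r;
}

int main(void)
{
    /* Constructed inputs: a valid 3-byte record, a header claiming 200 bytes,
     * and a record cut off after one of its three bytes. */
    const unsigned char ok[]    = {3, 'a', 'b', 'c'};
    const unsigned char big[]   = {200, 'x'};
    const unsigned char trunc[] = {3, 'a'};
    printf("ok:    %d\n", parse_bytes_checked(ok, sizeof ok));       /* 3  */
    printf("big:   %d\n", parse_bytes_checked(big, sizeof big));     /* -1 */
    printf("trunc: %d\n", parse_bytes_checked(trunc, sizeof trunc)); /* -1 */
    return 0;
}
```

The unchecked reader returns the same 3 for the valid record, which is why such code passes functional tests; the difference only shows on the hostile or damaged inputs, where the hardened version returns -1 and the unchecked one would write up to 192 bytes past an 8-byte array. The same three checks (EOF, bound, short read) apply whether the count is used as a loop limit or, as in the L.nNUC[v] and L.NFnum[v][nu] hits, directly as an array index.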