Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pluto-find-orb-0.0~git20180227/miscell.cpp
Examining data/pluto-find-orb-0.0~git20180227/ephem.h
Examining data/pluto-find-orb-0.0~git20180227/resource.h
Examining data/pluto-find-orb-0.0~git20180227/findorb.cpp
Examining data/pluto-find-orb-0.0~git20180227/orbitdlg.h
Examining data/pluto-find-orb-0.0~git20180227/eigen.cpp
Examining data/pluto-find-orb-0.0~git20180227/roots.cpp
Examining data/pluto-find-orb-0.0~git20180227/pl_cache.cpp
Examining data/pluto-find-orb-0.0~git20180227/bmouse.h
Examining data/pluto-find-orb-0.0~git20180227/stackall.cpp
Examining data/pluto-find-orb-0.0~git20180227/geo_pot.cpp
Examining data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp
Examining data/pluto-find-orb-0.0~git20180227/healpix.cpp
Examining data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp
Examining data/pluto-find-orb-0.0~git20180227/sigma.cpp
Examining data/pluto-find-orb-0.0~git20180227/moid4.cpp
Examining data/pluto-find-orb-0.0~git20180227/ephem0.cpp
Examining data/pluto-find-orb-0.0~git20180227/about.cpp
Examining data/pluto-find-orb-0.0~git20180227/about.h
Examining data/pluto-find-orb-0.0~git20180227/shellsor.cpp
Examining data/pluto-find-orb-0.0~git20180227/sigma.h
Examining data/pluto-find-orb-0.0~git20180227/find_orb.cpp
Examining data/pluto-find-orb-0.0~git20180227/simplex.cpp
Examining data/pluto-find-orb-0.0~git20180227/elem_out.cpp
Examining data/pluto-find-orb-0.0~git20180227/elem_ou2.cpp
Examining data/pluto-find-orb-0.0~git20180227/sr.cpp
Examining data/pluto-find-orb-0.0~git20180227/elem2tle.cpp
Examining data/pluto-find-orb-0.0~git20180227/fo_serve.cpp
Examining data/pluto-find-orb-0.0~git20180227/eph2tle.cpp
Examining data/pluto-find-orb-0.0~git20180227/cssfield.cpp
Examining data/pluto-find-orb-0.0~git20180227/details.h
Examining data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp
Examining data/pluto-find-orb-0.0~git20180227/fo.cpp
Examining data/pluto-find-orb-0.0~git20180227/runge.cpp
Examining data/pluto-find-orb-0.0~git20180227/settings.h
Examining data/pluto-find-orb-0.0~git20180227/bias.cpp
Examining data/pluto-find-orb-0.0~git20180227/gauss.cpp
Examining data/pluto-find-orb-0.0~git20180227/clipfunc.cpp
Examining data/pluto-find-orb-0.0~git20180227/nanosecs.cpp
Examining data/pluto-find-orb-0.0~git20180227/orb_func.cpp
Examining data/pluto-find-orb-0.0~git20180227/generic.h
Examining data/pluto-find-orb-0.0~git20180227/bmouse.cpp
Examining data/pluto-find-orb-0.0~git20180227/mt64.h
Examining data/pluto-find-orb-0.0~git20180227/monte0.h
Examining data/pluto-find-orb-0.0~git20180227/stackall.h
Examining data/pluto-find-orb-0.0~git20180227/find_orb.h
Examining data/pluto-find-orb-0.0~git20180227/monte.cpp
Examining data/pluto-find-orb-0.0~git20180227/mycurses.cpp
Examining data/pluto-find-orb-0.0~git20180227/pl_cache.h
Examining data/pluto-find-orb-0.0~git20180227/conv_ele.cpp
Examining data/pluto-find-orb-0.0~git20180227/generic.cpp
Examining data/pluto-find-orb-0.0~git20180227/mycurses.h
Examining data/pluto-find-orb-0.0~git20180227/monte.h
Examining data/pluto-find-orb-0.0~git20180227/roottest.cpp
Examining data/pluto-find-orb-0.0~git20180227/bc405.cpp
Examining data/pluto-find-orb-0.0~git20180227/stdafx.h
Examining data/pluto-find-orb-0.0~git20180227/b32_eph.cpp
Examining data/pluto-find-orb-0.0~git20180227/ephem.cpp
Examining data/pluto-find-orb-0.0~git20180227/errors.cpp
Examining data/pluto-find-orb-0.0~git20180227/monte0.cpp
Examining data/pluto-find-orb-0.0~git20180227/sm_vsop.cpp
Examining data/pluto-find-orb-0.0~git20180227/collide.cpp
Examining data/pluto-find-orb-0.0~git20180227/settings.cpp
Examining data/pluto-find-orb-0.0~git20180227/lsquare.cpp
Examining data/pluto-find-orb-0.0~git20180227/details.cpp
Examining data/pluto-find-orb-0.0~git20180227/curs_lin.h
Examining data/pluto-find-orb-0.0~git20180227/lsquare.h
Examining data/pluto-find-orb-0.0~git20180227/stdafx.cpp
Examining data/pluto-find-orb-0.0~git20180227/mt64.cpp
Examining data/pluto-find-orb-0.0~git20180227/mpc_obs.h

FINAL RESULTS:

data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:194:4: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf( tbuff, hdr_fmt, 128, jpl_id,
data/pluto-find-orb-0.0~git20180227/collide.cpp:44:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/elem2tle.cpp:113:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tle.intl_desig, intl_desig);
data/pluto-find-orb-0.0~git20180227/elem_ou2.cpp:36:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-find-orb-0.0~git20180227/elem_ou2.cpp:203:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, templat); /* CR/LF or LF */
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:56:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 3, 4)))
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:133:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:177:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "%ld %s %d", year, month_names[month - 1], day1);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:182:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "-%s %d", month_names[month2 - 1], day2);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:185:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "%ld %s %d-%ld %s %d", year, month_names[month - 1],
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:299:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, text[i] + 8);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:325:7: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf( obuff, get_find_orb_text( 15), n_included, n_obs);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:327:7: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf( obuff, get_find_orb_text( 16), n_included);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:340:7: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf( rms_buff, rms_format, rms);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:342:7: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf( obuff, get_find_orb_text( 17), rms_buff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:400:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "%-8s%5.2f %4.2f ", packed_desig2, elem->abs_mag,
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:441:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + 165, " %-30s", full_desig);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:483:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "%-43s%8.5f%3d%5ld Find_Orb %14.7f%12.7f%11.6f%12.6f%12.6f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:548:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + reference_loc, reference);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1070:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tptr);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1083:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tt_ptr, "; %s=%.4g", constraints, *mass);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1088:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tt_ptr, "; bad '%s'", constraints);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1091:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tt_ptr, "; Constraint: %s", constraints);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1120:22: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( tbuff0, sigma_buff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1125:19: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( tt_ptr, (strlen( tt_ptr) > 50) ? "\n" : " ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1172:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( addendum, " %s: %.4f", moid_text[j], moid);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1174:22: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, addendum);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1178:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( more_moids, addendum);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1191:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + 33, more_moids);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1246:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, zptr);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1269:22: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( phg_line, buff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1282:19: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, tbuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1300:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + j, body_frame_note);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1400:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf( ofile, (perturbers & 0x400) ? "(Merc-Pluto plus Luna)" :
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1482:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( impact_buff, " %s lat %+9.5f lon ", buff,
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1523:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "# $Name=%s", object_name);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1530:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff + strlen( tbuff), " $Ty=%s $Tm=%s $Td=%s",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1559:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf( ofile, (nongrav_sigmas_found ? " %s %s" : "# %s %s"),
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1621:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf( ofile, (using_sr ? "Statistical Ranging\n" : "Full Monte Carlo\n"));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2313:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, get_find_orb_text( i + 1000));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2317:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( month_names[i], tbuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2533:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[loc].code, obs[i].mpc_code);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:581:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tle.intl_desig, intl_desig);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:618:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obj_name, buff + 19);
data/pluto-find-orb-0.0~git20180227/ephem.cpp:60:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/ephem.cpp:268:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 7)); /* "No step size specified!" */
data/pluto-find-orb-0.0~git20180227/ephem.cpp:273:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 6));
data/pluto-find-orb-0.0~git20180227/ephem.cpp:278:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 14));
data/pluto-find-orb-0.0~git20180227/ephem.cpp:322:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 12));
data/pluto-find-orb-0.0~git20180227/ephem.cpp:334:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 13));
data/pluto-find-orb-0.0~git20180227/ephem.cpp:341:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( note_text, "For %s, %s", mlon.m_psz, mlat.m_psz);
data/pluto-find-orb-0.0~git20180227/ephem.cpp:343:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( note_text, "For %s, %s", m_lon, m_lat);
data/pluto-find-orb-0.0~git20180227/ephem.cpp:347:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( note_text, mpc_station_name( buff)); /* copy in observer loc */
data/pluto-find-orb-0.0~git20180227/ephem.cpp:407:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( (char *)lf->lfFaceName, font_specifier + bytes);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:73:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:84:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 3, 4)))
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:179:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...)
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:186:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  rval = vsprintf( string, format, argptr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:188:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  rval = vsnprintf( string, max_len, format, argptr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:210:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  rval = vsprintf( string + ilen, format, argptr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:212:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  rval = vsnprintf( string + ilen, max_len - ilen, format, argptr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:258:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( buff, 8, fmt, dist_in_au);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:296:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tbuff + 1); /* store value without leading 0 */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:356:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( buff, 8, fmt, dist_in_light_years);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:392:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( buff, 8, format, vel);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1078:4: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( buff, 7, motion_format, motion);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1139:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( histo[yloc], text);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1145:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( histo[ysize], histo[0]); /* copy top line to bottom */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1371:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( hr_min_text, pre_texts[hh_mm]);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1381:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( hr_min_text, tbuff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1418:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf( ofile, (options & OPTION_SEPARATE_MOTIONS) ? " RA '/hr dec " : " '/hr PA ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1830:16: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, tbuff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2110:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( obuff, 4, (two_digits ? "%02u" : "%03u"),
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2236:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( text, 6, (zval < 9.9 ? "%4.1f%c" : "%4.0f%c"),
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2241:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( text, 6, (precise ? "%5.3f" : "%5.2f"), zval);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2285:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( buff, 7, (fabs( sigmas) > 9.9 ? " %+4.0f " : " %+4.1f "), sigmas);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2367:16: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( text, 10, date_format_text[n_time_digits], day);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2384:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( text, (base_format == RESIDUAL_FORMAT_FULL_WITH_TABS) ?
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2532:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( text, tbuff + 11);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2536:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( text, tbuff + 11);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2603:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, obs->second_line + 81);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2666:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( filename, template_file_name);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2704:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( curr_sigma_text, obuff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2822:22: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( scope, buff + 4);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2945:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( stations[j], obs_data[i].mpc_code);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3017:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( inserted_text, (j == 2) ? " Measurer" : " Observer");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3265:19: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, mpec_error_message);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3293:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( replace_str, obj_name);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3372:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( mpc_code, buff + 77);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3397:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( tbuff, terms[i]);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3655:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, tptr + 10);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3697:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf( replace, sizeof( replace), format, rgb);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:143:35: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/findorb.cpp:182:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:572:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "T Ephem start: %s\n", ephemeris_start);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:575:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "S Step size: %s\n", ephemeris_step_size);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:576:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "L Location: (%s) ", mpc_code);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:581:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "Z Motion info in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:584:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "O Separate motions: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:587:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "A Alt/az info in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:589:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "R Radial velocity in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:591:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "P Phase angle in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:593:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "B Phase angle bisector: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:595:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "H Heliocentric ecliptic: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:597:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "X Topocentric ecliptic: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:599:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "G Ground track: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:603:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "V Visibility indicator: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:605:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "U Suppress unobservables: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:610:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "J Lunar elongation: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:612:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "D Positional sigmas: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:614:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "Y Computer-friendly output: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:616:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "W Round to nearest step: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:618:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "I Space velocity in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:621:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "C %s\n", ephem_type_strings[ephem_type]);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:698:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( mpc_code, buff);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:702:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( mpc_code, buff);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:941:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( desig, ids[i + curr_page].obj_name);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:944:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "Object %d of %d: %s",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:966:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "%-*s", column_width, desig);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1216:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, get_find_orb_text( 99108 + i - 1));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1255:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 99108 + i));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1441:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( resid_data, buff + 39);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1448:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + strlen( buff), resid_data + 10);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1526:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, (obs_number == curr_obs ? "> " : " "));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1556:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "(%s)", mpc_color_codes[i].code);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1591:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, legends[base_format]);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1725:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, msgs[msg_num] + 1);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1727:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, err_text);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1731:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, search_text);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2355:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ephemeris_start, get_environment_ptr( "EPHEM_START"));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2442:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( tbuff, err_msg, argv[1]);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2539:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obj_name, ids[id_number].obj_name);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2540:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "Loading '%s'...", obj_name);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2669:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuf, ctime( &t0) + 11);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2803:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( message_to_user, (add_off_on ? " on" : " off"));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3086:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user, get_find_orb_text( 19));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3096:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user, get_find_orb_text( 20));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3200:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3366:16: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( message_to_user,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3398:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3482:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user, (c == ':') ? "Orbit linearized" :
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3486:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user, (c == ':') ? "Linearizing FAILED" :
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4056:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user, messages[list_codes]);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4087:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( message_to_user, longname( ));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4219:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "%s%s.htm", path, obs->packed_id);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4426:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "%s %d %d %d", mpc_code,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4433:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "%d %s", n_ephemeris_steps, ephemeris_step_size);
data/pluto-find-orb-0.0~git20180227/fo.cpp:70:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/fo.cpp:629:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, orbit_summary_text);
data/pluto-find-orb-0.0~git20180227/fo.cpp:687:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fullpath, "%s/%s.htm", mpec_path, ids[i].packed_desig);
data/pluto-find-orb-0.0~git20180227/fo.cpp:706:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( new_line, "<a href=\"%s\">%s</a>%s",
data/pluto-find-orb-0.0~git20180227/fo.cpp:715:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( new_line + strlen( new_line), " %s %s %s",
data/pluto-find-orb-0.0~git20180227/fo.cpp:721:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf.
  sprintf( new_line + strlen( new_line), "%s", tbuff + 68);
data/pluto-find-orb-0.0~git20180227/fo.cpp:726:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( summary_lines[n_lines_written], new_line);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:46:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:75:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( mpec_error_message, prompt);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:82:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( new_message, mpec_error_message);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:83:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( new_message, prompt);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:253:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "./grab_mpc %s %s", filename, buff);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:254:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  i = system( tbuff);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:387:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( n_ids == -1 ? "Couldn't open observation file\n" :
data/pluto-find-orb-0.0~git20180227/miscell.cpp:46:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( oname, alt_config_directory);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:47:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( oname, iname);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:51:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( oname, iname);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:55:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( oname, getenv( "HOME"));
data/pluto-find-orb-0.0~git20180227/miscell.cpp:60:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( oname, iname);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:104:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "Error opening %s: %s",
data/pluto-find-orb-0.0~git20180227/moid4.cpp:35:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/monte0.cpp:16:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/monte0.cpp:246:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( buff, (*full_sigmas ? "%13.6g" : "%10.3g"), ival);
data/pluto-find-orb-0.0~git20180227/monte0.cpp:343:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "%10s", zbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:79:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:91:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:96:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 3, 4)))
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:119:7: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf( ofile, format, argptr);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:246:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, obuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:346:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tbuff + 40);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:587:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[*n_stations], buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:618:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + 30, tbuff + 19);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:715:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, station_data[i]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:763:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, mpc_code);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:764:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( tbuff + 3, format_string, lon0, lat0, alt0);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:766:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff + 30, name_from_header);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:768:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:777:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, blank_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:802:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, blank_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:809:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, curr_station);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1119:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[lines_read], buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1152:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( name, buff + slen);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1256:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( xdesig, packed_desig);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1269:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, extra_names[i] + 13);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1297:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, planet_names[i]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1301:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, roman_hundreds[obj_number / 100]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1303:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, roman_tens[(obj_number / 10) % 10]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1305:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, roman_digits[obj_number % 10]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1361:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff + strlen( obuff), " = %s", provisional_desig);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1410:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, " %s ", obuff - 2);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1438:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff + 7, suffixes[stn]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1630:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "Didn't find observer %s\n", obs->mpc_code);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1988:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( xlate_table + i * 26, buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2191:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff + 5, desig);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2210:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, obuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2538:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( second_radar_line, obuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2575:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( second_radar_line + 68, obuff + 68);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2582:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, obuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2585:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + 81, second_radar_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2694:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obs1->reference, obs2->reference);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3246:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[i].packed_id, original_packed_desig);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3262:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( second_line, buff + 81);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3288:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[i].second_line, second_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3295:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[i].second_line, second_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3296:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[i].second_line + 81, buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3315:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[i].second_line, second_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3894:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "No information about station '%s'", tbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3952:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, env_ptr);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4084:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "MPC %s", reference);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4086:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "MPC 10%s", reference + 1);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4088:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "MPS %d%s", *reference - 'a', reference + 1);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4128:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, reference);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4408:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), "RA vel %s decvel %s dT=",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4452:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "ang vel %s at PA %.1f", tbuff,
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4464:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, tbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4475:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), " %s ago", tbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4482:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, optr->second_line);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4586:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, net_name);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4619:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, __DATE__);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4708:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tptr, lines[i]);
data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:54:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:118:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:174:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 3, 4)))
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1846:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tstr, using_pseudo_vaisala ? "Vaisala set_locs" : "H/set_locs (1)");
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3248:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( title_text, (asteroid_mass ? "Sigma_mass" : "Sigma_AMR"));
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3615:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( msg_buff, "%s step: radii %f, %f",
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:95:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:220:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( path2, path);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:226:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, CT2A( dlg.GetPathName( )));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:291:4: [4] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy( buff, CA2T( get_find_orb_text( index), CP_UTF8));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:310:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, CT2A( m_r1));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:524:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( path, filename);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:823:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obj_name, obj_info[selected].obj_name);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:966:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tstr, envptr);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:974:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf( envptr, "%d %s", &dlg.m_number_steps, tstr);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1021:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( tstr, CT2A( dlg.m_ephem_step));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1027:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( tstr, CT2A( dlg.m_mpc_code));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1036:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 3)); /* "No orbit to make an ephemeris!" */
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1048:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( filename, get_find_orb_text( 2)); /* "No residuals to save!" */
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1114:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 1)); /* "No orbit to improve!" */
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1322:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 4)); /* "Method of Gauss failed!" */
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1380:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, get_find_orb_text( 5)); /* "No changes made!" */
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1476:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "Object %d of %d: %s\n", selected + 1, n_objects,
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:43:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/roottest.cpp:119:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( poly_text, argv[i]);
data/pluto-find-orb-0.0~git20180227/runge.cpp:74:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/sigma.cpp:45:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ (( format( printf, 1, 2)))
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2431:4: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( seed);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:561:16: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( atoi( argv[i] + 2));
data/pluto-find-orb-0.0~git20180227/miscell.cpp:41:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *home_ptr = getenv( "HOME");
data/pluto-find-orb-0.0~git20180227/miscell.cpp:55:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strcpy( oname, getenv( "HOME"));
data/pluto-find-orb-0.0~git20180227/mycurses.cpp:80:36: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *default_mode_text = getenv( "MYCURSES_MODE");
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:622:4: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( (unsigned)time( NULL)); /* for Monte Carlo code */
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:49:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[128];
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:65:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi( vector_options) ? "ecliptic" : "equatorial");
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:158:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[128];
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:164:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  jpl_id = atoi( filename + i);
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:167:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( orbi, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:192:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( filename, "wb");
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:209:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff, "max err: %.3g\nEnd: ", max_err);
data/pluto-find-orb-0.0~git20180227/bc405.cpp:69:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( ast_ephem_filename, "rb");
data/pluto-find-orb-0.0~git20180227/bc405.cpp:93:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-find-orb-0.0~git20180227/bc405.cpp:314:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[180];
data/pluto-find-orb-0.0~git20180227/bc405.cpp:420:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( posns1, posns0, bc405_n_asteroids * 3 * sizeof( int16_t));
data/pluto-find-orb-0.0~git20180227/bc405.cpp:425:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( posns0, posns1, bc405_n_asteroids * 3 * sizeof( int16_t));
data/pluto-find-orb-0.0~git20180227/bc405.cpp:436:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_asteroids_to_use = atoi( get_environment_ptr( "BC405_ASTEROIDS"));
data/pluto-find-orb-0.0~git20180227/bc405.cpp:496:38: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *debug_file = fopen( "astpert.txt", "ab");
data/pluto-find-orb-0.0~git20180227/bc405.cpp:546:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int asteroid_number = atoi( argv[1]);
data/pluto-find-orb-0.0~git20180227/bc405.cpp:583:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iposn[i] = (int16_t)atoi( argv[i + 3]);
data/pluto-find-orb-0.0~git20180227/bias.cpp:95:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[600]; /* first time: read ASCII file & binary-ize; */
data/pluto-find-orb-0.0~git20180227/bias.cpp:100:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( fcct14_bias_file_name, "rb");
data/pluto-find-orb-0.0~git20180227/clipfunc.cpp:84:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( filename, "rb");
data/pluto-find-orb-0.0~git20180227/clipfunc.cpp:125:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if( (ofile = fopen( filename, permits)) != NULL)
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:59:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obscode[4];
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:91:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bad_code[10];
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:115:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( bad_code, obs_code, 4);
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:128:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:150:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "css%d.csv", file_number);
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:151:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( buff, "rb");
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:160:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestr[80];
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:225:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( "css.idx", "wb");
data/pluto-find-orb-0.0~git20180227/details.cpp:121:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( new_array, det->code_details, det->n_code_details * sizeof( mpc_code_details_t));
data/pluto-find-orb-0.0~git20180227/details.cpp:207:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tptr, mptr->lines, mptr->n_lines * sizeof( char *));
data/pluto-find-orb-0.0~git20180227/details.cpp:211:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( mptr->lines[mptr->n_lines], iline, len);
data/pluto-find-orb-0.0~git20180227/elem2tle.cpp:109:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tle.norad_number = atoi( norad_desig);
data/pluto-find-orb-0.0~git20180227/elem_ou2.cpp:59:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:180:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "-%d", day2);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:190:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, " (%.2f sec)", (jd2 - jd1) * seconds_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:192:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, " (%.1f sec)", (jd2 - jd1) * seconds_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:194:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, " (%.1f min)", (jd2 - jd1) * minutes_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:196:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, " (%.1f hr)", (jd2 - jd1) * hours_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:233:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( filename, "efindorb.txt");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:282:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[20];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:291:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi( text[i]) == index)
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:296:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tbuff[100];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:323:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "%d of %d", n_included, n_obs);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:331:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rms_buff[14];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:397:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packed_desig2[40];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:404:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 20, "%c%02ld%X%c",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:408:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 25, "%10.5f%11.5f%11.5f%11.5f%11.7f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:414:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 79, "%12.8f%12.7f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:422:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 103,
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:429:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 127, "%4.1f sec ", arc_length * seconds_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:431:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 127, "%4.1f min ", arc_length * minutes_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:433:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 127, "%4.1f hrs ", arc_length * hours_per_day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:435:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 127, "%4d days", (int)arc_length + 1);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:437:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 127, "%4d-%4d",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:444:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 194, "%04ld%02d%02d", year, month, day);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:446:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 137, "%4.2f", rms_err);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:448:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 137, "%4.1f", rms_err);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:450:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 137, "%4.0f", rms_err);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:466:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 142, coarse_perturb, 3);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:467:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 146, precise_perturb, 2);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:491:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 71, "%12.10f", elem->q);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:494:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + strlen( buff), " %9.1f%5.1f%5.1f %c",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:499:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + strlen( buff), " Center: %d", elem->central_obj);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:500:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, " ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:516:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char orbit_summary_text[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:562:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *filenames[4] = { NULL, "covar.txt", "monte.txt", "monte.txt" };
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:563:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:614:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( tptr, " +/- ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:639:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( xform[2], planet_matrix + 6, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:696:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char templat[MAX_SOF_LEN], obuff[MAX_SOF_LEN];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:697:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output_filename[100];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:917:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char object_name[80], buff[260], more_moids[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:925:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char impact_buff[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:939:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int elements_frame = atoi( get_environment_ptr( "ELEMENTS_FRAME"));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:959:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( orbit2, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:961:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( helio_ecliptic_j2000_vect, orbit2, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:971:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( j2000_ecliptic_rel_orbit, rel_orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1011:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( orbit_summary_text, "a=%.3f, ", elem.major_axis);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1013:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( orbit_summary_text, "q=%.3f, ", elem.q);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1014:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( orbit_summary_text + strlen( orbit_summary_text),
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1063:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sigma_buff[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1069:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( sigma_buff, "+/- ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1079:50: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double *mass = get_asteroid_mass( atoi( constraints + 2));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1094:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tt_ptr, "; %.2f%% impact (%d/%d)",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1101:16: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( sigma_buff, " TT");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1107:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff0[40], sig_name[20];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1117:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( sig_name, "Sigma_A%d:", j + 1);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1123:19: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tt_ptr, " AU/day^2");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1138:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tt_ptr, "; AMR %.5g",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1142:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tt_ptr, " m^2/kg");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1147:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char moid_idx[N_MOIDS] = { 3, 5, 2, 1, 4, 6, 7, 8,
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1152:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (atoi( get_environment_ptr( "MOIDS")) >> j) & 1;
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1167:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addendum[30];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1168:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *moid_text[N_MOIDS] = { "Earth MOID", "Ju",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1182:23: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( orbit_summary_text + strlen( orbit_summary_text),
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1206:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 32, "U%5.1f ", uncertainty_parameter);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1242:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1255:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char phg_line[80]; /* contains P, H, G, sometimes U text */
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1261:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( phg_line, buff, 19);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1262:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( phg_line + 19, " H ", 10);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1263:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( phg_line + 29, buff + 23, 4); /* move H */
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1264:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( phg_line + 33, " G ", 5);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1265:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( phg_line + 38, buff + 35, 5); /* move G */
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1281:19: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, " ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1310:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 36, body_frame_note, strlen( body_frame_note));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1330:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (atoi( get_environment_ptr( "VECTOR_OPTS")) != 0);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1332:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( orb, orbit2, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1417:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *names[3] = { "Earth", "Jupiter", "Neptune" };
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1489:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( end_ptr, "%c%.5f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1497:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( end_ptr, "%9.5f", lon);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1520:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_buff[40];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1532:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff + strlen( tbuff), " $MA=%.5f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1536:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff, "# $ecc=%.7f $Eqnx=2000.", helio_elem.ecc);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1539:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff, "# $a=%.7f $Peri=%.5f $Node=%.5f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1543:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff + strlen( tbuff), " $Incl=%.5f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1547:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff, "# $EpJD=%.3f $q=%.6f", helio_elem.epoch, helio_elem.q);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1548:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff + strlen( tbuff), " $T=%.6f $H=%.1f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1554:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[20], obuff[50];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1556:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( key, "Sigma_A%d:", i);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1593:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_buff[48], virtual_full_desig[40];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1599:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( name_buff, "%05d", n_clones_accepted);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1601:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( virtual_full_desig + strlen( virtual_full_desig), " [%d]",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1726:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1789:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char object_name[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1797:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[120];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1903:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *outer_planets[11] = { " ",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1971:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1981:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  excluded_asteroid_number = atoi( id->obj_name + 1); /* itself */
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2007:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2259:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[150];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2261:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%c,%d,%d,%d,%f,%f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2267:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%.3f %f %u %d", probability_of_blunder * 100.,
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2272:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( buff, "%d %.2f %d %d %d", use_sigmas ? 1 : 0,
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2291:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char month_names[12][17];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2311:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[100], *tptr;
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2364:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cospar_name[255];
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2369:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_n_sr_orbits = atoi( get_environment_ptr( "MAX_SR_ORBITS"));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2521:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( new_array, rval, n_alloced * sizeof( MPC_STATION));
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:132:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[300];
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:184:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( trial_state, state_vect, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:246:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( trial_state, state_vect, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:441:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( vects[i], starting_params, n_params * sizeof( double));
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:480:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "eph2tle.txt", "rb");
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:486:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200], obj_name[100];
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:517:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  verbose = 1 + atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:531:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params_to_set = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:539:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( output_filename, "wb");
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:549:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  output_freq = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:561:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srand( atoi( argv[i] + 2));
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:564:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_iterations = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:580:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tle.norad_number = atoi( norad_desig);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:593:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( argv[1], "rb");
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:624:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tle.norad_number = atoi( tptr + 6);
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:628:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi( tptr) > 1900 && tptr[4] == '-' &&
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:629:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi( tptr + 5) > 0)
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:631:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tle.intl_desig, tptr + 2, 2); /* get year */
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:632:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tle.intl_desig + 2, tptr + 5, 4); /* launch # */
data/pluto-find-orb-0.0~git20180227/eph2tle.cpp:717:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuff[200];
data/pluto-find-orb-0.0~git20180227/ephem.cpp:166:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[_MAX_DIR];
data/pluto-find-orb-0.0~git20180227/ephem.cpp:255:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200], *err_msg = NULL;
data/pluto-find-orb-0.0~git20180227/ephem.cpp:285:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char note_text[80];
data/pluto-find-orb-0.0~git20180227/ephem.cpp:355:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( temp_orbit, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem.cpp:369:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( ephemeris_filename, "r");
data/pluto-find-orb-0.0~git20180227/ephem.cpp:383:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ofile = fopen( ephemeris_filename, "a");
data/pluto-find-orb-0.0~git20180227/ephem.cpp:422:7: [2] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string.
  wcscpy(lf->lfFaceName, L"Courier New"); // Request font
data/pluto-find-orb-0.0~git20180227/ephem.cpp:424:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(lf->lfFaceName, "Courier New"); // Request font
data/pluto-find-orb-0.0~git20180227/ephem.cpp:467:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[_MAX_DIR];
data/pluto-find-orb-0.0~git20180227/ephem.cpp:494:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-find-orb-0.0~git20180227/ephem.cpp:496:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "rval %d", rval);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:269:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, "!!!!");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:293:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[7];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:303:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, " <NEG!>");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:336:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, " <HUGE>"); /* largest made-up units */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:525:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obscode[4];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:550:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resid_buff[9];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:660:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int inclusion = atoi( get_environment_ptr( "FIELD_INCLUSION")) ^ 3;
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:682:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( orbi, orbit, 6 * n_orbits * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:699:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( p2, p1, n_orbits * sizeof( obj_location_t));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:729:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( temp_orbit, orbi, 6 * n_orbits * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:730:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( p3, p2, n_orbits * sizeof( obj_location_t));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:738:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_buff[40], buff[200];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:774:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[20];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:794:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[100];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:841:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[20];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1125:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[10];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1132:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( text, "-0");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1142:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( histo[0] + xloc, text + 1, strlen( text + 1));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1327:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( orbits_at_epoch, orbit, n_objects * 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1368:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hr_min_text[80];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1369:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *pre_texts[4] = { "", " HH", " HH:MM", " HH:MM:SS" };
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1377:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[2];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1484:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[440];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1508:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obs_posn_equatorial, obs_posn, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1562:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( temp_obs.obs_posn, obs_posn, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1566:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( topo_ecliptic, topo, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1582:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format_text[20];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1640:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date_buff[80];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1666:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ra_buff[80], dec_buff[80], date_buff[80];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1667:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char r_buff[20], solar_r_buff[20];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1678:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, "Nothing to see here... move along... uninteresting... who cares?...");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1699:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[13];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1811:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[4];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1882:22: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, " Sha ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1947:19: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, " n/a");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1997:19: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, "................\n");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2004:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, "DANGER!\n");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2055:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2071:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char note_text[100], buff[100];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2165:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[7];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2218:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( text, " Err!");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2277:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( output_text, "------ ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2283:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, " HUGE ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2296:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xresid[30], yresid[30];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2359:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *date_format_text[7] = { "%02.0f ",
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2403:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( xresid, " ---- ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2419:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( xresid, " HUGE ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2422:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( yresid, " ---- ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2436:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( yresid, " HUGE ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2465:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( xresid, " !!!! "); /* show "it's a long time" */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2526:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[50];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2583:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[15];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2587:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff, tbuff + 1, 3);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2589:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff, tbuff, 3);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2597:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2608:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff, obs->packed_id, 12);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2612:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 15, buff, 17); /* date/time */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2613:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 32, buff + 24, 12); /* RA */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2614:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 44, buff + 38, 13); /* dec */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2622:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 56, obs->columns_57_to_65, 9);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2676:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( filename, template_file_name, count);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2684:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[81], curr_sigma_text[81];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2691:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuff[81];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2741:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( list, ", ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2743:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( lptr, names, len);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2804:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[700];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2902:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[200], *loc;
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2919:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( loc, line + REPLACEMENT_COLUMN, len2);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2958:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stations[400][5];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2963:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200], tbuff[100];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2964:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char details[4][300];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3009:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inserted_text[15], *outtext = details[j];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3024:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( outtext, inserted_text, strlen( inserted_text));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3065:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3196:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[500], mpec_buff[7];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3203:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned mpec_no = atoi( get_environment_ptr( "MPEC"));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3256:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tptr, mpec_buff, strlen( mpec_buff));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3264:19: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, "<p> <b>");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3266:19: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, "</b> </p>");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3277:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char search_str[80], replace_str[180];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3279:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( search_str, tptr, i);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3283:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300], *tptr2;
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3369:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mpc_code[8];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3385:19: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( tptr, "<code class=\"neocp\">");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3388:19: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( tptr + length_of_redacted_text, "</code>");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3392:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[80];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3393:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *terms[4] = { "Astrometry", "redacted;",
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3396:25: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( tbuff, "</code>");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3398:25: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tbuff, "<code class=\"neocp\">");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3399:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tptr + i * 15 + 2, terms[i], strlen( terms[i]));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3436:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[200];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3464:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[4];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3469:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( tbuff, buff + 1, 3);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3491:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text_to_find[50], *tptr;
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3585:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[50];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3650:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tbuff, tptr + 7, 3); /* ...then the obs code.. */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3685:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char replace[80];
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3696:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( color + 4, "</a>", 4); /* insert end tag */
data/pluto-find-orb-0.0~git20180227/findorb.cpp:312:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ofile = fopen( filename, "wb");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:327:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( filename, "rb");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:360:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[200];
data/pluto-find-orb-0.0~git20180227/findorb.cpp:401:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tbuff + side_borders, prompt + i, j - i);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:502:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( sr_orbits, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:510:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( sr_orbits, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:520:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mpc_code[80];
data/pluto-find-orb-0.0~git20180227/findorb.cpp:521:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ephemeris_start[80], ephemeris_step_size[80];
data/pluto-find-orb-0.0~git20180227/findorb.cpp:529:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[2000];
data/pluto-find-orb-0.0~git20180227/findorb.cpp:559:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, ")\n");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:561:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + strlen( buff), " (Ephem end: JD %.5f = ", jd_end);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:564:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buff, ")\n");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:568:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string. strcpy( buff, "(Ephemeris starting time isn't valid)\n"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:573:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "N Number steps: %d\n", data/pluto-find-orb-0.0~git20180227/findorb.cpp:608:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "F Suppress when fainter than mag: %.1f\n", data/pluto-find-orb-0.0~git20180227/findorb.cpp:622:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "? Help about making ephemerides\n"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:623:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "M Make ephemeris\n"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:624:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "Q Quit/return to main display"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:706:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( ephemeris_start, "+0"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:710:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( mpc_code, "500"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:733:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( atoi( buff) > 0) data/pluto-find-orb-0.0~git20180227/findorb.cpp:734:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_ephemeris_steps = atoi( buff); data/pluto-find-orb-0.0~git20180227/findorb.cpp:764:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( ephemeris_start, "+0"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:810:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, ".b32"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:869:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuff[2]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:881:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%d obs; ", id->n_obs); data/pluto-find-orb-0.0~git20180227/findorb.cpp:900:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char search_text[20]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:913:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[280]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:932:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desig[181]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1143:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1149:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "R1:"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1153:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, " R2:"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1194:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[400]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1200:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "A Automatic\n"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1208:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "%c%c ", data/pluto-find-orb-0.0~git20180227/findorb.cpp:1211:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "Barycentric\n"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1213:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "Heliocentric\n"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1243:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[20]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1245:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "(o)"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1292:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[40]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1294:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tbuff, tptr, residual_field_size); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1395:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1434:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resid_data[70]; /* format, w/added data if it fits */ data/pluto-find-orb-0.0~git20180227/findorb.cpp:1462:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + column, "%16.5f", data/pluto-find-orb-0.0~git20180227/findorb.cpp:1473:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + column, "%11.5f", diff * 180. / PI); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1479:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + column, "%11.5f", diff * 180. / PI); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1512:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[50]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1571:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[90]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1589:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[290]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1605:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buff + 13, "Resi Mres", 10); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1636:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[260], err_text[100]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1642:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char search_text[100]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:1710:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, " Line %d of %d", line_no, n_lines); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1730:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " Find: "); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1733:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat( buff, " Search text not found"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:1986:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[30]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:2033:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Standard observation data shown"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2037:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Short MPC residual format selected"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2041:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Display of original MPC reports selected"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2059:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_obs, obs, *n_obs * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2060:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( temp_obs + *n_obs, obs2, n_obs_actually_loaded * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2105:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( filename, "rb"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2106:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:2182:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obj_name[80], tbuff[500], orbit_constraints[90]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:2196:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message_to_user[180]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:2246:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
debug_level = atoi( argv[i] + 2); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2281:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). integration_method = atoi( argv[i] + 2); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2285:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_mpc_color_codes = atoi( argv[i] + 2); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2291:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). process_count = atoi( argv[i] + 2); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2345:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tbuff, argv[i], len); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2548:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile = fopen( argv[1], "rb"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:2667:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[40]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:2783:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "Msg line %d of %d\n", data/pluto-find-orb-0.0~git20180227/findorb.cpp:2853:10: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t text[100], *search_ptr; data/pluto-find-orb-0.0~git20180227/findorb.cpp:2866:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user, "x=%d y=%d z=%d button=%lx", data/pluto-find-orb-0.0~git20180227/findorb.cpp:3102:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( argv[1], "rb"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3127:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "All subsequent observations toggled"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3135:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "All observations from xxx toggled"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3164:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Solar radiation pressure is now"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3172:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Three-parameter comet non-gravs"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3177:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Comet non-gravs off"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3182:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Two-parameter comet non-gravs"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3195:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( message_to_user, "Asteroids toggled"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3224:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user, "%d x %d text mode selected", data/pluto-find-orb-0.0~git20180227/findorb.cpp:3243:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Automatic full improvement repeat is"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3326:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( saved_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3344:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, saved_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3364:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3400:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user + strlen( message_to_user), "(%.5f s)", data/pluto-find-orb-0.0~git20180227/findorb.cpp:3424:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Gauss solution found"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3427:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Gauss method failed!"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3439:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Simplex method used"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3445:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Superplex method used"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3497:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user, "Radii set: %f %f", r1, r2); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3501:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( message_to_user, "Observation details toggled"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3507:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, data/pluto-find-orb-0.0~git20180227/findorb.cpp:3525:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Orbit is now unconstrained"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3528:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( orbit_constraints, "e=1,i=144"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3530:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( orbit_constraints, "e=1,i=72,O=72"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3532:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( orbit_constraints, "e=1,i=26,O=81"); /* q=.049? */ data/pluto-find-orb-0.0~git20180227/findorb.cpp:3546:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Display of orbital elements toggled"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3595:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user, "Epoch = %f (%f); sigma %f", data/pluto-find-orb-0.0~git20180227/findorb.cpp:3607:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user, "Adjusted by %f sigmas", n_sigmas); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3614:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (unsigned)atoi( get_environment_ptr( "MAX_SR_ORBITS")); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3624:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( message_to_user, "%d orbits computed: best score=%.3f\n", data/pluto-find-orb-0.0~git20180227/findorb.cpp:3629:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, orbits, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3689:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( message_to_user, "R1 = %f; R2 = %f", r1, r2); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3712:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[80]; data/pluto-find-orb-0.0~git20180227/findorb.cpp:3716:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile = fopen( filename, "wb"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3726:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3746:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Showing time/cross-track residuals"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3748:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( message_to_user, "Showing RA/dec residuals"); data/pluto-find-orb-0.0~git20180227/findorb.cpp:3755:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  Risk is low because the source is a constant string.
  strcpy( message_to_user, "Last orbit operation undone");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3760:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "No more orbits to undo!");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3784:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi( get_environment_ptr( "H")), curr_epoch);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3822:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Trial orbit error %d\n", retval);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3825:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Minimum at %f\n", angle_param);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3835:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Trial orbit error %d\n", retval);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3870:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy( message_to_user, "Worst observation found");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3878:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Inclusion of observation toggled");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3892:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( state2, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3902:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Change = %.3e AU = %.3e km; %lu.%lu seconds",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3917:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  debug_level = atoi( tbuff);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3950:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Symmetric derivatives are");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3970:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Positional uncertainty reset");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3977:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Magnitude sigma reset to %.3e",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3983:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Time sigma reset to %.3e seconds",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3991:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Mouse debugging");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3999:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Setting outside of arc turned");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4005:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Full arc set");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4017:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Using nuclear mags for comets");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4019:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Using total mags for comets");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4033:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Magnitude residual display turned");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4045:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Delta display turned");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4050:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *messages[3] = {
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4088:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( message_to_user, " ");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4102:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "KEY_RESIZE: %d x %d",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4117:19: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "No filtering done");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4119:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Rejections at %.3f sigmas", rms);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4125:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user,"Residual legend");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4134:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Normal resids");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4140:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Super-precise resids");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4145:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Precise resids");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4165:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Observation(s) set to computed values");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4169:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Extended %d obs",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4207:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( orbit2, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4223:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Ephemeride-less pseudo-MPEC made");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4227:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Euler = %f",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4259:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Alternative element format");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4273:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "No circular orbits found");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4288:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "'All reasonable'");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4296:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Curr_epoch %f; epoch_shown %f\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4303:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (i = atoi( tbuff)) > 0)
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4326:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "FCCT14 debiasing is");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4353:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_variants = atoi( tbuff);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4373:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Time: %.3f seconds",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4382:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4385:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( message_to_user, "Elements copied to clipboard");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4409:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( message_to_user, "Key %d ($%x, o%o) hit", c, c, c);
data/pluto-find-orb-0.0~git20180227/fo.cpp:105:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%d observations; ", id->n_obs);
data/pluto-find-orb-0.0~git20180227/fo.cpp:143:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[255];
data/pluto-find-orb-0.0~git20180227/fo.cpp:150:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cpath[255];
data/pluto-find-orb-0.0~git20180227/fo.cpp:171:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[400];
data/pluto-find-orb-0.0~git20180227/fo.cpp:187:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( filename, "w");
data/pluto-find-orb-0.0~git20180227/fo.cpp:191:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( filename, "w");
data/pluto-find-orb-0.0~git20180227/fo.cpp:247:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff, ibuff, 5);
data/pluto-find-orb-0.0~git20180227/fo.cpp:290:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuff[400], *tptr;
data/pluto-find-orb-0.0~git20180227/fo.cpp:310:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 68, tptr + 4, 7);
data/pluto-find-orb-0.0~git20180227/fo.cpp:337:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( text, "\033[3xm", 5);
data/pluto-find-orb-0.0~git20180227/fo.cpp:343:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( text, "\033[0m", 4);
data/pluto-find-orb-0.0~git20180227/fo.cpp:365:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300];
data/pluto-find-orb-0.0~git20180227/fo.cpp:417:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  debug_level = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/fo.cpp:452:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  starting_object = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/fo.cpp:455:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_processes = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/fo.cpp:481:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curr_time[50];
data/pluto-find-orb-0.0~git20180227/fo.cpp:484:32: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  summary_ofile = fopen( argv[i] + 2, "wb");
data/pluto-find-orb-0.0~git20180227/fo.cpp:497:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  total_objects = atoi( argv[i] + 2);
data/pluto-find-orb-0.0~git20180227/fo.cpp:518:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tbuff, argv[i], len);
data/pluto-find-orb-0.0~git20180227/fo.cpp:591:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( argv[1], "rb");
data/pluto-find-orb-0.0~git20180227/fo.cpp:654:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullpath[100];
data/pluto-find-orb-0.0~git20180227/fo.cpp:657:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ephemeris_step_size[20], mpc_code[20];
data/pluto-find-orb-0.0~git20180227/fo.cpp:703:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_line[300];
data/pluto-find-orb-0.0~git20180227/fo.cpp:762:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *headers[4] = {
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:157:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char boundary[100], mpec_name[100];
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:158:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ephemeris_step_size[80], mpc_code[20];
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:160:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field[30];
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:163:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *lock_file = fopen( "lock.txt", "w");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:197:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( mpc_code, "500");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:216:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ofile = fopen( temp_obs_filename,
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:223:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  debug_level = atoi( tptr + 12);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:228:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[100];
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:230:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ofile = fopen( temp_obs_filename,
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:236:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "../../neocp2/neocp.txt", "rb");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:248:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[40];
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:252:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( filename, "temp%02d.ast", j % 100);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:258:30: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( filename, "rb");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:297:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_ephem_steps = atoi( buff);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:305:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  center_object = atoi( buff);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:345:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ephemeris_output_options += atoi( buff);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:404:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( temp_obs_filename, "rb");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:459:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( mpec_name, "mpec.htm");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:462:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( mpec_name, "rb");
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:468:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int counter = atoi( mpec_name + i - 7);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:472:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( mpec_name + i - 7, "%03d.htm", counter % 999 + 1);
data/pluto-find-orb-0.0~git20180227/geo_pot.cpp:1765:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_terms = atoi( argv[3]);
data/pluto-find-orb-0.0~git20180227/geo_pot.cpp:1784:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_terms = atoi( argv[4]);
data/pluto-find-orb-0.0~git20180227/healpix.cpp:165:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "tiles.dat", "rb");
data/pluto-find-orb-0.0~git20180227/healpix.cpp:166:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-find-orb-0.0~git20180227/lsquare.cpp:342:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( rval, a, size * size * sizeof( ldouble));
data/pluto-find-orb-0.0~git20180227/lsquare.cpp:388:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen( "lsquare.dat", "ab");
data/pluto-find-orb-0.0~git20180227/lsquare.cpp:501:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "imatrix", "rb");
data/pluto-find-orb-0.0~git20180227/miscell.cpp:56:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( oname, "/.find_orb/");
data/pluto-find-orb-0.0~git20180227/miscell.cpp:84:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rval = fopen( filename, permits + 1);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:88:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tname[255];
data/pluto-find-orb-0.0~git20180227/miscell.cpp:96:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rval = fopen( tname, permits);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:99:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rval = fopen( filename, permits);
data/pluto-find-orb-0.0~git20180227/miscell.cpp:102:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[300];
data/pluto-find-orb-0.0~git20180227/moid4.cpp:45:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( mat[0], elem->perih_vec, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/moid4.cpp:46:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( mat[1], elem->sideways, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/monte0.cpp:255:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%10d", (int)ival);
data/pluto-find-orb-0.0~git20180227/monte0.cpp:318:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *text[MONTE_N_ENTRIES] = {
data/pluto-find-orb-0.0~git20180227/monte0.cpp:321:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *units_text[MONTE_N_ENTRIES] = {
data/pluto-find-orb-0.0~git20180227/monte0.cpp:326:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[40], *tptr;
data/pluto-find-orb-0.0~git20180227/monte0.cpp:336:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zbuff[40];
data/pluto-find-orb-0.0~git20180227/monte0.cpp:338:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( zbuff, "%.8f", sigmas[i]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:155:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[20];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:160:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 5, tbuff, 7);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:168:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desig[100], year[10], month[10], day[10];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:180:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuff[81];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:181:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[10], minutes[10], seconds[10];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:188:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 5, desig, 7);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:190:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff, desig, desig_len);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:191:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 19 - year_len, year, year_len);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:192:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 20, month, 2);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:193:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 23, day, day_len);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:202:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 32, tbuff, 2);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:212:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( obuff + 35, minutes, 2); /* RA minutes */
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:213:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 38, seconds, strlen( seconds));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:222:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 44, tbuff, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:232:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 48, minutes, 2); /* dec minutes */
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:233:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 51, seconds, strlen( seconds));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:238:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 65, tbuff, strlen( tbuff));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:244:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 77, buff + strlen( buff) - 3, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:290:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[20];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:292:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tbuff, iptr, field_size);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:334:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[90];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:449:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[200];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:538:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rval = atoi( tptr + 1);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:575:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:609:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[100];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:616:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi( tbuff) == atoi( mpc_code + 3))
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:616:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi( tbuff) == atoi( mpc_code + 3))
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:619:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff, mpc_code, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:761:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[90];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:803:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff, mpc_code, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:865:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[12];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:869:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tbuff, iptr, 11);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:966:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( equat, obs->obs_posn, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1082:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "%d", output_no);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1084:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff + strlen( obuff), "%c", ibuff[6]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1104:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[400];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1140:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1179:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[250];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1206:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( desig[4] == '-' && atoi( desig) > 1956 && atoi( desig) < 2100
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1206:53: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( desig[4] == '-' && atoi( desig) > 1956 && atoi( desig) < 2100
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1238:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char provisional_desig[40], xdesig[40];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1284:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *planet_names[8] = { "Venus", "Earth", "Mars", "Jupiter",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1286:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *roman_digits[10] = { "", "I", "II", "III", "IV",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1288:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *roman_tens[10] = { "", "X", "XX", "XXX", "XL",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1290:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *roman_hundreds[10] = { "", "C", "CC", "CCC", "CD",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1292:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int obj_number = atoi( xdesig + 1);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1317:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "S/%d%c%c", 20 + xdesig[5] - 'K',
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1352:40: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  number = number * 10000L + atol( xdesig + 1);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1356:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "(%d)", number);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1369:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[20];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1386:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff, "%3d%c/", atoi( xdesig), xdesig[4]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1386:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sprintf( tbuff, "%3d%c/", atoi( xdesig), xdesig[4]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1408:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[40];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1434:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *suffixes[4] = { " (CSS)", " (SSS)", " (MtL)", " (LAB)" };
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1437:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff, xdesig + 5, 7);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1448:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff, xdesig + i, 12 - i);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1613:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1620:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char unfound[10][4];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1631:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tbuff, "Observation(s) will be excluded and treated as\n"
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1634:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tbuff, " You can fix this by downloading the\n"
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1639:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tbuff, " You can read about how to add an XXX\n"
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1692:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1705:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obs->packed_id, buff, 12);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1821:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( tbuff, "Didn't find observational bias data file\n"
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1850:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( desig, idesig, 12);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1897:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reduced1[13], reduced2[13];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1919:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reduced[13];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1951:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prev_desig_in[12], prev_desig_out[12];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1953:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reduced_desig[13];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1968:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2002:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( desig, prev_desig_out, 12);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2006:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_desig_in, desig, 12);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2018:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( desig, xlate_ptr + 13, 12);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2020:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_desig_out, desig, 12);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2135:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( desig, buff + 1, len - 2);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2141:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( desig, buff + 7, 7);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2147:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( desig, buff, len);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2155:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( mpc_code, buff + 37, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2158:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[500];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2161:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( msg, "Find_Orb can use the NEOCP ephemeris you've given it.\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2162:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( msg, "However, the ephemerides are geocentric. You'll\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2163:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( msg, "get much better results if you select an observatory\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2164:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( msg, "code, preferably one near the equator. (781) Quito\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2165:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( msg, "is best for this purpose.\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2166:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( mpc_code, "500", 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2171:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( mpc_code, buff + 18, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2186:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuff[82];
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2192:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 15, buff, 10); /* year, month, day */
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2195:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minutes = atoi( buff + 11) * 60;
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2197:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minutes = (atoi( buff + 11) / 100) * 60 +
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2198:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( buff + 13); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2199:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff + 25, ".%06d", minutes * 1000000 / (int)minutes_per_day); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2200:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 32, buff + 18, 10); /* RA */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2201:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 44, buff + 29, 9); /* dec */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2202:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 65, buff + 46, 4); /* mag */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2203:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( obuff + 72, "neocp"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2204:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( obuff + 77, mpc_code, 3); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2227:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const long ast_number = atoi( buff); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2233:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff + 1, "%04ld", ast_number % 10000L); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2385:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff, ibuff, 17); /* MPC 'standard' 80-column format */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2393:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 5, ibuff + 8, 12); /* DD.ddddddddd */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2404:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuff[82], second_radar_line[82]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2418:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( obuff + 34, buff + 36, 36); /* xyz */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2419:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 77, buff + 72, 3); /* MPC code */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2464:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int digits_to_drop = atoi( buff + 70) + 2; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2473:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int digits_to_drop = atoi( buff + 123) + 2; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2500:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 72, buff + 198, 5); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2501:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 58, " rwo", 4); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2504:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 72, ".rwo ", 5); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2514:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int year = atoi( buff + 17); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2536:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 68, buff + 99, 3); /* transmitting MPC code */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2537:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 77, buff + 103, 3); /* receiving MPC code */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2539:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). freq_in_mhz = get_radar_frequency( atoi( buff + 99), year); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2540:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff + 62, "%5.0f", freq_in_mhz); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2549:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff + 32, "%13.0f", val1 * 1e+8); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2550:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( second_radar_line + 34, "%12.0f", val2 * 1e+9); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2561:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff + 48, "%13.0f", fabs( val1) * 1e+9); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2563:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( second_radar_line + 48, "%13.0f", val2 * 1e+9); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2567:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + 72, "JPLRS", 5); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2586:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buff + 81, buff, 13); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2624:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char mpc_line[81]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2658:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( oline, stored_lines[i], sizeof( mpc_line)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2662:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( stored_lines[i], stored_lines[n_stored], sizeof( mpc_line)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2672:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( stored_lines[n_stored - 1], iline, sizeof( mpc_line)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2675:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char swap_buff[80]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2677:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( swap_buff, iline, 80); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2678:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( iline, oline, 80); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2679:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( oline, swap_buff, 80); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2747:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2785:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( loc0 + offset, loc1 + offset, 14); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2809:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[70]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3154:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[350], mpc_code_from_neocp[4], desig_from_neocp[15]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3155:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obj_name[80]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3183:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( mpc_code_from_neocp, "500"); /* default is geocenter */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3200:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char original_packed_desig[13]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3238:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy( original_packed_desig, buff, 12); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3255:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char second_line[81]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3502:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "The observations span %.1f years, greater than Find_Orb's\n" data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3520:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "Not all satellite observations were read correctly.\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3521:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "This shouldn't happen. Please send your observation\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3522:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat( buff, "file to pluto@projectpluto.com so it can be fixed.\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3528:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%u observations were duplicates.\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3530:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "The duplicates have been removed.\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3546:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%u observations were incorrectly formatted.\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3548:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "These observations will be ignored.\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3582:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%u observations are below the horizon.\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3585:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buff + strlen( buff), data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3588:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "These observations will be ignored.\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3614:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%u observations match in date and observatory code,\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3616:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3623:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%u observations match in date, RA/dec, magnitude, and MPC\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3625:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3635:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%u observations are from spacecraft, but aren't marked\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3637:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "as such and lack the 'second line' offset data. See\n\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3638:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "http://www.minorplanetcenter.net/iau/info/SatelliteObs.html\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3639:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "\nfor info on how to handle spacecraft-based observations.\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3713:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( filename, "rb"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3718:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[250], mpc_code_from_neocp[4], desig_from_neocp[15]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3739:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy( mpc_code_from_neocp, "500"); /* default is geocenter */ data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3794:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( rval[loc].packed_desig, buff, 12); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3837:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buff[80]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3891:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[4]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3924:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[80]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4034:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[30]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4039:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). half_month = atoi( buff + 5) * 2 - 2; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4040:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( atoi( buff + 8) >= 16) data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4045:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return( atoi( buff)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4082:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( obuff, "NEOCP"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4094:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "MPEC ? ?-%c%d", reference[1], atoi( reference + 2)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4094:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf( obuff, "MPEC ? 
?-%c%d", reference[1], atoi( reference + 2)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4104:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff + 5, "%4d", curr_year); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4109:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "DASO %d", atoi( reference + 1)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4109:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf( obuff, "DASO %d", atoi( reference + 1)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4119:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "MPS %u", 260000 + mps_number); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4176:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "%5.2f'/hr", motion); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4178:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "%5.1f'/hr", motion); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4180:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( obuff, "%5.0f'/hr", motion); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4182:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "%5.0f%c/hr", motion / 60., degree_symbol); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4184:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "%5.0f%c/min", motion / 3600., degree_symbol); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4186:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( obuff, "%5.0f%c/sec", motion / 216000., degree_symbol); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4188:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( obuff, "!!!!!"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4218:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[16]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4222:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( buff, ibuff, 15); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4243:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[20]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4249:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tbuff, obs->second_line + 68, 3); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4277:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tbuff, first_line + 62, 5); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4280:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tbuff + 7, obs->second_line + 62, 8); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4297:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "RTDist (C) %.8fs = %.3f km; Dopp %.8f km/s = %.2f Hz", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4364:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Time (obs) %.7f", rinfo.rtt_obs); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4366:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buff, " +/- %.1fus", rinfo.rtt_sigma * 1e+6); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4373:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, " "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4376:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Shift(obs) %f", rinfo.doppler_obs); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4378:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, " +/- %f", rinfo.doppler_sigma); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4380:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, " Hz"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4385:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, " Dist (comp) %.9f = %.2f km", optr->r, data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4400:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ra_motion_buff[15], dec_motion_buff[15]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4403:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Elong %5.1f Phase %5.1f ", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4425:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%.3f sec", fabs( m.time_residual)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4429:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%.2f sec", m.time_residual); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4431:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%.2f min", m.time_residual / 60.); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4433:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%d min", (int)( m.time_residual / 60.)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4435:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%d hr", (int)( m.time_residual / 3600.)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4437:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy( buff, "!!!!"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4447:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[15]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4454:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " radial vel %.3f km/s cross ", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4457:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%.2f", m.cross_residual); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4459:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%4.1f", m.cross_residual); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4461:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%4d", (int)m.cross_residual); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4463:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( tbuff, "!!!!"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4467:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%d min", (int)( tdiff * minutes_per_day)); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4469:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%.1f hr", tdiff * hours_per_day); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4471:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%.1f days", tdiff); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4477:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " <FUTURE!>"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4485:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "Delta="); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4489:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " r="); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4492:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat( buff, " "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4494:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "mag=%5.2f ", optr->obs_mag); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4496:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4498:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "mag (computed)=%5.2f ", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4518:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "Sigma "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4519:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + 6, "%.6f", optr->posn_sigma_1); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4525:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( end_ptr, "x%.6f", optr->posn_sigma_2); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4529:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "\" "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4531:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "%d ", tilt_angle); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4536:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4540:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "Obj alt %.1f", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4543:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " az %.1f", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4552:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, " %.2f,%.2f sigmas", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4555:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( buff, " %.2f sigmas", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4560:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " Sun alt %.1f", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4563:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " az %.1f", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4576:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4585:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4592:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Mag sigma %g; ", optr->mag_sigma); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4595:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "time sigma %g", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4598:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " RA bias %.3f\" dec bias %.3f\"", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4618:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "Version "); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4640:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "(No observations selected)\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4646:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%d observations selected of %d\n", (int)n_selected, n_obs); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4662:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "Mean RA residual %.3f +/- %.3f; dec %.3f +/- %.3f\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4676:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "Observations are %.2f\" = %.2f' = %.3f degrees apart\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4679:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buff + strlen( buff), "Time diff: %.2f sec = %.2f min = %.3f hrs\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4684:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "Time diff: %.1f hrs = %.2f days\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4690:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "Motion: %.2f'/hr in RA, %.2f'/hr in dec", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4692:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " (total %.2f'/hr at PA %.1f)\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4714:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( tptr, "(No observation header available)\n"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4721:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
const int alt_info = atoi( get_environment_ptr( "ALT_INFO")); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4754:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( filename, "rb"); data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4757:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[250]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4774:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[100]; data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4778:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "Line %ld: Sun alt %.1f az %.1f; obj alt %.1f az %.1f\n", data/pluto-find-orb-0.0~git20180227/mpc_obs.h:17:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mpc_code[4], packed_id[13], reference[6]; data/pluto-find-orb-0.0~git20180227/mpc_obs.h:18:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char columns_57_to_65[10]; data/pluto-find-orb-0.0~git20180227/mpc_obs.h:30:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packed_desig[13], obj_name[80]; data/pluto-find-orb-0.0~git20180227/mpc_obs.h:32:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused_padding_bytes_to_avoid_compiler_warning[6]; data/pluto-find-orb-0.0~git20180227/mpc_obs.h:276:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code[4]; data/pluto-find-orb-0.0~git20180227/mt64.cpp:301:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &d_rval, &rval, sizeof( double)); data/pluto-find-orb-0.0~git20180227/mycurses.cpp:54:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( rval, old, sizeof( WINDOW)); data/pluto-find-orb-0.0~git20180227/mycurses.cpp:72:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char text_mode_xsizes[TOTAL_N_TEXT_MODES] = data/pluto-find-orb-0.0~git20180227/mycurses.cpp:74:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char text_mode_ysizes[TOTAL_N_TEXT_MODES] = data/pluto-find-orb-0.0~git20180227/mycurses.cpp:87:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( backup_screen, DISPMEM, scr_xsize * scr_ysize * 2); data/pluto-find-orb-0.0~git20180227/mycurses.cpp:400:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( DISPMEM, backup_screen, scr_xsize * scr_ysize * 2); data/pluto-find-orb-0.0~git20180227/mycurses.cpp:408:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char modes[TOTAL_N_TEXT_MODES] = data/pluto-find-orb-0.0~git20180227/mycurses.cpp:413:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char font_sizes[TOTAL_N_TEXT_MODES] = data/pluto-find-orb-0.0~git20180227/mycurses.cpp:467:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( rval, &temp, sizeof( WINDOW)); data/pluto-find-orb-0.0~git20180227/mycurses.cpp:478:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ofile = fopen( filename, "wb"); data/pluto-find-orb-0.0~git20180227/mycurses.cpp:495:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( filename, "rb"); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:79:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( context->orbit, ivect, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:93:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int max_iter = atoi( get_environment_ptr( "SIMPLEX_ITER")); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:116:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( orbit, context.orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:141:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int max_iter = atoi( get_environment_ptr( "SUPERPLEX_ITER")); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:148:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( rptr[i], orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:165:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, context.orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:243:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( head->orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:244:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( head->solar_pressure, solar_pressure, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:261:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, stored->orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:263:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( solar_pressure, stored->solar_pressure, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:659:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( x, start_x, 3 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_fun2.cpp:660:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( y, start_y, 3 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:400:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_encke = atoi( get_environment_ptr( "ENCKE")); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:404:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:406:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Integrating from %.4f to %.4f runs outside\n", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:408:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "Find_Orb's default time range. 
See\n\n"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:409:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "https://www.projectpluto.com/find_orb.htm#time_range\n\n"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:410:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "for instructions on how to extend the range.\n"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:447:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:458:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "t = %.5f; %.5f to %.5f; step ", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:474:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, " %02d:%02d:%02d; %f; %d cached ", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:481:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buff, "%d steps; %d rejected", n_steps, n_rejects); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:489:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), " tp:%ld.%09ld", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:492:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " "); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:494:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "last err: %.3e/%.3e n changes: %d ", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:499:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "e = %.5f; q = ", ref_orbit.ecc); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:501:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, " "); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:504:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Pos: %11.6f %11.6f %11.6f", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:507:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "Vel: %11.6f %11.6f %11.6f", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:513:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%ld searches; avg %.2f max %ld ", data/pluto-find-orb-0.0~git20180227/orb_func.cpp:558:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, new_vals, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:669:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( result, orbit, 3 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:747:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( curr_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:758:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, curr_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:776:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, curr_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:977:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1002:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1009:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( delta[pass], orbit2, 3 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1227:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit_at_epoch, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1651:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1662:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, sr_orbits + 7 * i, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1791:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstr[80]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1830:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( tstr, "Vaisala %f\n", obs->solar_r); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1832:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( tstr, "H/xfer orbit (1)"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1844:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, orbit2, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1886:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( tstr, "H/xfer orbit (2)"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1887:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1894:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( tstr, "H/set_locs (2)"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1931:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( tstr, "H/xfer orbit (3)"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1932:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:1939:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( tstr, "H/set_locs (3)"); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2042:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( params, orbit, 3 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2063:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( params2, params, 5 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2170:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[80]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2297:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
rval[i] = (void *)( (char *)rval[0] + i * y * obj_size); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2559:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *monte_label[MONTE_N_ENTRIES] = { data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2617:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). get_asteroid_mass( atoi( limited_orbit + 2)) : NULL); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2650:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstr[80]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2654:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( get_environment_ptr( "DEBUG_DELTAS")); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2666:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
n_params = atoi( limited_orbit + 3); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2703:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( original_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2704:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( original_params, solar_pressure, MAX_N_NONGRAV_PARAMS * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2705:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "full improvement: %f ", JD_TO_YEAR( epoch)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2747:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "fi/setting locs: %f ", JD_TO_YEAR( epoch)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2792:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "fi/locs set: %f ", JD_TO_YEAR( epoch)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2813:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orig_obs, obs, n_obs * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2838:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( original_solar_pressure, solar_pressure, data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2842:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tweaked_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2843:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( solar_pressure, original_solar_pressure, data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2852:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "Evaluating %d of %d : iter %d ", i + 1, data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2863:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, original_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2864:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( solar_pressure, original_params, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2919:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "Evaluating %d of %d rev ", i + 1, n_params); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2923:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( obs, orig_obs, n_obs * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2970:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( solar_pressure, original_solar_pressure, data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2979:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, original_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:2980:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( solar_pressure, original_params, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3035:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[200]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3097:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%10.6f", oval); /* values are -1 to 1 */ data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3134:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "%10.6f", oval); /* values are -1 to 1 */ data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3194:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char covar_text[20]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3229:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title_text[20]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3252:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( title_text, "Sigma_A%d", i - 5); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3289:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3307:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "Final setting of orbit "); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3319:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "Half-stepping %d\n", 7 - i); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3455:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char *incl_vs_a_scattergram[30] = { data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3595:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3597:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_obs, obs, n_obs * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3613:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buff[80]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3664:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, temp_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3666:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_obs, obs, n_obs * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3675:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obs, best_obs, n_obs * sizeof( OBSERVE)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3727:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( orbit, temp_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3805:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buff[80]; data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3810:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int max_time = atoi( get_environment_ptr( "IOD_TIMEOUT")); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3874:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, sr_orbits, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:3949:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4016:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4021:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( msg_buff, "Method %d, r=%.4f", i, pseudo_r); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4038:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, best_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4045:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4050:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, best_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4185:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4255:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( best_orbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4268:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, best_orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4294:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( zorbit, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4295:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( zorbit + 6, solar_pressure, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4301:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( new_orbit, orbit, 9 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4310:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( solar_pressure, new_orbit + 6, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4317:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( zorbit, new_orbit, 9 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4322:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( solar_pressure, zorbit + 6, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4326:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, zorbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orb_func.cpp:4327:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( solar_pressure, zorbit + 6, n_extra_params * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:206:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_path[_MAX_DIR]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:216:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path2[_MAX_DIR]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:248:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%dkm", (long)( ival * AU_IN_KM)); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:250:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%.4lf", ival); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:252:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%.4lf LY", ival / AU_IN_LIGHT_YEAR); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:254:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( buff, "<HUGE>"); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:260:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:289:11: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TCHAR buff[100]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:307:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[80]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:320:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_extra_params = atoi( CT2A( m_r2) + 1); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:325:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
integration_method = atoi( CT2A( m_r2) + 1); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:517:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[_MAX_DIR]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:518:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char path[_MAX_DIR]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:532:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[400]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:537:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile = fopen( buff, "rb"); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:541:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
const int number = atoi( buff) - dlg_number; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:610:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if( startup = fopen( "startup.mar", "rb")) data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:612:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[140]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:672:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile = fopen( elements_filename, "rb"); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:705:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[10]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:707:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%d", monte_carlo_object_count); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:763:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[90]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:765:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( CT2A( curr_file_name), "rb"); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:820:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obj_name[80]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:837:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[_MAX_DIR]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:849:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit2, orbit, 6 * sizeof( double)); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:851:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( ofile = fopen( filename, "w")) data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:853:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:854:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( elements_filename, "rb"); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:875:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[640]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:931:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstr[90], object_name[80]; data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:933:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( "startup.mar", "rb"); data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:989:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "%c %.4lf", (lon < 0. ? 'W' : 'E'), data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:992:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( tstr, "%c %.4lf", (lat < 0. ? 'S' : 'N'),
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1014:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dlg.orbit, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1020:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "%d ", dlg.m_number_steps);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1026:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "%d ", dlg.m_use_mpc_code);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1034:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1044:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[_MAX_DIR];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1112:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[80];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1211:4: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR text[90];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1213:4: [2] (buffer) _stprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. _stprintf( text, _T( "Got %02lx (%c)\n"), nChar, nChar);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1247:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( nominal_orbit, orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1252:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( orbit, nominal_orbit, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1320:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1378:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[80];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1406:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstr[30];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1420:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tstr, "%.2lf", max_residual_for_filtering);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1473:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[440];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1478:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + strlen( buff), "%d observations; ", ids->n_obs);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1598:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff + i * 3, "%02x ", (unsigned)tptr[i]);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1610:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buff, "%c,%d,%d,%d,%.2lf,%.2lf,%d",
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1703:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[80];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1705:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff, "Clipboard rval %d\n", rval);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1711:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[_MAX_DIR];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1717:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ofile = fopen( filename, "w");
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1728:7: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buff[80];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1785:7: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buff[1000];
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:97:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vect_2000, temp_loc, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:115:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:123:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[255];
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:173:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vect_2000, state + calc_vel, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:307:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dword_ptr, &jd, sizeof( double));
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:554:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( vect_2000, cache[loc].vect, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:560:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vect_2000, cache[loc].vect, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:649:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "\nNo JPL DE ephemeris file loaded; using (slower) PS1996 series\n");
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:650:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "See https://www.projectpluto.com/find_orb.htm#de_eph for\n");
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:651:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( buff, "info on how/why to use JPL DE ephemerides\n");
data/pluto-find-orb-0.0~git20180227/pl_cache.cpp:654:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff,
data/pluto-find-orb-0.0~git20180227/roottest.cpp:39:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = (unsigned)atoi( buff);
data/pluto-find-orb-0.0~git20180227/roottest.cpp:64:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[100];
data/pluto-find-orb-0.0~git20180227/roottest.cpp:113:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char poly_text[1000];
data/pluto-find-orb-0.0~git20180227/runge.cpp:239:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_terms = atoi( get_environment_ptr( "GEO_TERMS"));
data/pluto-find-orb-0.0~git20180227/runge.cpp:285:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( get_environment_ptr( "GEO_TERMS")));
data/pluto-find-orb-0.0~git20180227/runge.cpp:527:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( matrix, cached_matrix, 9 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:786:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( transverse, ival + 3, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:856:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( planet_loc, lunar_loc, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:865:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( planet_loc + 12, planet_loc, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:880:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( jupiter_loc, planet_loc + 12, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:891:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( saturn_loc, planet_loc + 12, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:917:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( delta_j2000, accel, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:1096:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( local_rel_vect, ivect, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:1151:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( rel_vect, delta, 3 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:1359:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( state_j, ival, 6 * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:1383:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ovals, state_j, n_vals * sizeof( double));
data/pluto-find-orb-0.0~git20180227/runge.cpp:1533:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( state_j, ival, 6 * sizeof( ldouble));
data/pluto-find-orb-0.0~git20180227/runge.cpp:1559:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ovals, state_j, n_vals * sizeof( ldouble));
data/pluto-find-orb-0.0~git20180227/shellsor.cpp:118:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( pivot, tptr, elem_size);
data/pluto-find-orb-0.0~git20180227/shellsor.cpp:119:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tptr, tptr2, elem_size);
data/pluto-find-orb-0.0~git20180227/shellsor.cpp:124:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy( tptr, tptr2, elem_size);
data/pluto-find-orb-0.0~git20180227/shellsor.cpp:128:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tptr, pivot, elem_size);
data/pluto-find-orb-0.0~git20180227/sigma.cpp:36:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mpc_code[5];
data/pluto-find-orb-0.0~git20180227/sigma.cpp:58:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( w->mpc_code, buff + 1, 3);
data/pluto-find-orb-0.0~git20180227/sigma.cpp:68:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const double jd = (double)dmy_to_day( atoi( buff + i * 11 + 16),
data/pluto-find-orb-0.0~git20180227/sigma.cpp:69:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( buff + i * 11 + 13),
data/pluto-find-orb-0.0~git20180227/sigma.cpp:70:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( buff + i * 11 + 8),
data/pluto-find-orb-0.0~git20180227/sigma.cpp:102:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[120];
data/pluto-find-orb-0.0~git20180227/simplex.cpp:76:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( curr, new_point, n * sizeof( double));
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:69:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite( tbuff, strlen( tbuff), 1, ofile);
data/pluto-find-orb-0.0~git20180227/b32_eph.cpp:210:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). full_ctime( tbuff + strlen( tbuff), curr_jd, CALENDAR_JULIAN_GREGORIAN);
data/pluto-find-orb-0.0~git20180227/clipfunc.cpp:128:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite( text, 1, strlen( text), ofile);
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:173:25: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
n_scanned = sscanf( buff, "%lf %lf %70s %3s", &rval[n].ra,
data/pluto-find-orb-0.0~git20180227/cssfield.cpp:191:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_loc += strlen( buff);
data/pluto-find-orb-0.0~git20180227/details.cpp:159:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen( iline);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:178:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obuff += strlen( obuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:188:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obuff += strlen( obuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:334:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( obuff, " ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:335:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obuff += strlen( obuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:337:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
obuff += strlen( obuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:494:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buff + strlen( buff), " %9.1f%5.1f%5.1f %c",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:499:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buff + strlen( buff), " Center: %d", elem->central_obj);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:501:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). observation_summary_data( buff + strlen( buff), obs, n_obs, -1);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:527:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t rval = strlen( buff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:569:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t keylen = strlen( key);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:584:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( buff + loc, "%20s", obuff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:602:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tptr += strlen( search_text);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:618:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr[strlen( tptr)] = ' ';
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:678:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( buff + 2, buff + 3, strlen( buff + 2));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:717:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite( obuff, strlen( obuff), 1, fp);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1014:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( orbit_summary_text + strlen( orbit_summary_text),
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1056:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr = tbuff + strlen( tbuff) + 1;
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1110:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( tt_ptr, "\n");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1111:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_ptr += strlen( tt_ptr);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1116:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( tbuff0, " ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1125:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat( tt_ptr, (strlen( tt_ptr) > 50) ? "\n" : " ");
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1128:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( buff) < sizeof( buff) - 1);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1173:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( addendum) + strlen( buff) < 79)
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1173:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( addendum) + strlen( buff) < 79)
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1182:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( orbit_summary_text + strlen( orbit_summary_text),
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1213:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove( buff + 36, buff + 19, strlen( buff + 18));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1279:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( buff, zptr, strlen( zptr) + 1);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1294:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t j = strlen( buff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1310:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy( buff + 36, body_frame_note, strlen( body_frame_note));
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1316:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen( tptr) + 1;
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1379:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite( buff, strlen( buff), 1, ofile2);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1484:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_ptr = impact_buff + strlen( impact_buff);
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1530:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( tbuff + strlen( tbuff), " $Ty=%s $Tm=%s $Td=%s",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1532:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( tbuff + strlen( tbuff), " $MA=%.5f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1543:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( tbuff + strlen( tbuff), " $Incl=%.5f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1548:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( tbuff + strlen( tbuff), " $T=%.6f $H=%.1f",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1601:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( virtual_full_desig + strlen( virtual_full_desig), " [%d]",
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:1734:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loc[strlen( object_name)] == ' ')
data/pluto-find-orb-0.0~git20180227/elem_out.cpp:2316:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( tbuff) < 16);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:205:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t ilen = strlen( string);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:799:26: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if( sscanf( buff, "%*f %*f %*s %*s %24s %90s",
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1138:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( text, "-");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1140:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xloc = yloc * 2 - (int)strlen( text + 1) / 2;
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1142:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy( histo[0] + xloc, text + 1, strlen( text + 1));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1374:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( hr_min_text, ".");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1603:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, " ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1654:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_dist_in_buff( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1890:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *endptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1906:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *end_ptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1909:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, " ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1934:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *end_ptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1950:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1961:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:1980:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_velocity_in_buff( buff + strlen( buff), total_vel);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2045:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( buff, buff + 7, strlen( buff + 6));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2160:16: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( obuff, "?");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2168:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( obuff, "."); /* super-precise formats */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2172:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen( obuff); i < 12; i++)
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2354:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text += strlen( text);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2383:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  output_angle_to_buff( text + strlen( text), angle, obs->ra_precision);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2394:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text += strlen( text);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2511:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( text, xresid, 6);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2512:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( text + 6, yresid, 6);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2717:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( *buff && buff[strlen( buff) - 1] != '.')
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2718:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, ".");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2742:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lptr = list + strlen( list);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2912:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen( line);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2917:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen( line + REPLACEMENT_COLUMN);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2918:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( loc + len2, loc + len, strlen( loc + len) + 2);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:2943:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen( obs_data[i].mpc_code) == 3);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3012:16: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( inserted_text, " ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3019:19: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( inserted_text, "s");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3020:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( inserted_text, " ");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3022:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( outtext + strlen( inserted_text), outtext,
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3023:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( outtext) + 1);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3024:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( outtext, inserted_text, strlen( inserted_text));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3027:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int)strlen( outtext);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3143:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return( strlen( mpc_line) == 80 && !memcmp( mpc_line + 72, "NEOCP", 5));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3156:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t oldlen = strlen( oldstr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3157:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t newlen = strlen( newstr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3255:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( tptr + strlen( mpec_buff), tptr + 3, strlen( tptr));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3255:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( tptr + strlen( mpec_buff), tptr + 3, strlen( tptr));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3256:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( tptr, mpec_buff, strlen( mpec_buff));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3334:22: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( search_str, "$");
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3386:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr += strlen( tptr);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3399:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( tptr + i * 15 + 2, terms[i], strlen( terms[i]));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3459:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen( buff) < sizeof( buff));
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3482:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3694:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( color + 1, color + 7, strlen( color + 6)); /* remove RGB */
data/pluto-find-orb-0.0~git20180227/ephem0.cpp:3695:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( color + 8, color + 4, strlen( color + 9));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:238:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep( 100000); /* .1 second */
data/pluto-find-orb-0.0~git20180227/findorb.cpp:366:7: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar( );
data/pluto-find-orb-0.0~git20180227/findorb.cpp:557:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  full_ctime( buff + strlen( buff), jd_start,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:561:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " (Ephem end: JD %.5f = ", jd_end);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:562:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  full_ctime( buff + strlen( buff), jd_end,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:572:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "T Ephem start: %s\n", ephemeris_start);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:573:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "N Number steps: %d\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:575:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "S Step size: %s\n", ephemeris_step_size);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:576:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "L Location: (%s) ", mpc_code);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:577:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  put_observer_data_in_text( mpc_code, buff + strlen( buff));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:578:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, "\n");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:581:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Z Motion info in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:584:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "O Separate motions: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:587:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "A Alt/az info in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:589:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "R Radial velocity in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:591:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "P Phase angle in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:593:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "B Phase angle bisector: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:595:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "H Heliocentric ecliptic: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:597:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "X Topocentric ecliptic: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:599:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "G Ground track: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:603:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "V Visibility indicator: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:605:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "U Suppress unobservables: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:608:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "F Suppress when fainter than mag: %.1f\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:610:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "J Lunar elongation: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:612:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "D Positional sigmas: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:614:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Y Computer-friendly output: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:616:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "W Round to nearest step: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:618:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "I Space velocity in ephemerides: %s\n",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:621:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "C %s\n", ephem_type_strings[ephem_type]);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:622:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "? Help about making ephemerides\n");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:623:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "M Make ephemeris\n");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:624:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Q Quit/return to main display");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:668:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( ephemeris_step_size));
data/pluto-find-orb-0.0~git20180227/findorb.cpp:672:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( ephemeris_step_size) + 1);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:697:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) == 3 || !memcmp( buff, "Ast", 3))
data/pluto-find-orb-0.0~git20180227/findorb.cpp:754:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( ephemeris_step_size) + 1);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:882:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_date_range_text( buff + strlen( buff), id->jd_start, id->jd_end);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:958:19: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( desig, " ");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:959:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  object_comment_text( desig + strlen( desig), ids + i + curr_page);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:984:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)strlen( search_text), COLOR_FINAL_LINE);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1025:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen( search_text);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1166:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const unsigned len = (unsigned)strlen( buff + 15);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1208:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "%c%c ",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1217:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, "\n");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1256:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( (char *)find_nth_utf8_char( buff, 3), " ");
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1257:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  put_colored_text( buff, line, i * 7 + 3, (int)strlen( buff),
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1285:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  put_colored_text( buff, line_no, column, (int)strlen( buff), default_color);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1447:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( buff, buff + dropped_start, strlen( buff + dropped_start) + 1);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1448:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy( buff + strlen( buff), resid_data + 10);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1575:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen( buff);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1711:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  put_colored_text( buff, i, getmaxx( stdscr) - (int)strlen( buff) - 1,
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1712:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)strlen( buff), COLOR_FINAL_LINE);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:1736:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  put_colored_text( buff, i, 0, (int)strlen( buff), msgs[msg_num][0] - '0');
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2334:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( get_environment_ptr( "CONSOLE_OPTS"), "%9s %d %d %u",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2356:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( get_environment_ptr( "EPHEM_STEPS"), "%d %9s",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2727:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( right_side_col < (unsigned)strlen( tbuff) + spacing)
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2728:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  right_side_col = (unsigned)strlen( tbuff) + spacing;
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2737:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  >= strlen( tbuff + 2) + right_side_col
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2804:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xloc = getmaxx( stdscr) - (int)strlen( message_to_user) - 1;
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2880:36: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( loc < (unsigned)wcslen( search_strings[i]))
data/pluto-find-orb-0.0~git20180227/findorb.cpp:2926:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (unsigned)x < strlen( legnd) && ( button & BUTTON_CTRL)
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3400:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( message_to_user + strlen( message_to_user), "(%.5f s)",
data/pluto-find-orb-0.0~git20180227/findorb.cpp:3715:16: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( tbuff, "%79s", filename);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4090:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( message_to_user);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4092:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( message_to_user + slen, tbuff + 1, xmax - slen);
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4233:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( tbuff) == 3)
data/pluto-find-orb-0.0~git20180227/findorb.cpp:4363:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( tbuff[strlen( tbuff) - 1] == 'z')
data/pluto-find-orb-0.0~git20180227/fo.cpp:106:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_date_range_text( buff + strlen( buff), id->jd_start, id->jd_end);
data/pluto-find-orb-0.0~git20180227/fo.cpp:188:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite( buff, strlen( buff), 1, ofile);
data/pluto-find-orb-0.0~git20180227/fo.cpp:266:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( a1) < summ_sort_column)
data/pluto-find-orb-0.0~git20180227/fo.cpp:268:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( b1) < summ_sort_column)
data/pluto-find-orb-0.0~git20180227/fo.cpp:336:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( text + 5, text, strlen( text) + 1);
data/pluto-find-orb-0.0~git20180227/fo.cpp:340:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen( text);
data/pluto-find-orb-0.0~git20180227/fo.cpp:342:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( text + 4, text, strlen( text) + 1);
data/pluto-find-orb-0.0~git20180227/fo.cpp:668:19: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( get_environment_ptr( "EPHEM_STEPS"), "%d %9s",
data/pluto-find-orb-0.0~git20180227/fo.cpp:670:19: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( get_environment_ptr( "CONSOLE_OPTS"), "%9s",
data/pluto-find-orb-0.0~git20180227/fo.cpp:715:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( new_line + strlen( new_line), " %s %s %s",
data/pluto-find-orb-0.0~git20180227/fo.cpp:721:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( new_line + strlen( new_line), "%s", tbuff + 68);
data/pluto-find-orb-0.0~git20180227/fo.cpp:725:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  = (char *)malloc( strlen( new_line) + 1);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:74:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mpec_error_message = (char *)malloc( strlen( prompt) + 1);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:79:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *new_message = (char *)malloc( strlen( mpec_error_message) +
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:80:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( prompt) + 1);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:122:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen( desig);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:134:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen( buff);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:213:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) > 70)
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:220:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes_written += fwrite( buff, 1, strlen( buff), ofile);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:241:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  neocp_bytes_found += fwrite( tbuff, 1, strlen( tbuff), ofile);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:262:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes_written += fwrite( tbuff, 1, strlen( tbuff), ofile);
data/pluto-find-orb-0.0~git20180227/fo_serve.cpp:466:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (i = strlen( mpec_name)) > 8)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( right_angle_bracket));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:149:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:157:14: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff, "%19s", tbuff) == 1 && strlen( tbuff) == 7)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:157:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( sscanf( buff, "%19s", tbuff) == 1 && strlen( tbuff) == 7)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:171:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff, "%99s %9s %9s %9s%n", desig, year, month, day,
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:172:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &bytes_read) == 4 && strlen( month) == 2)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:174:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t desig_len = strlen( desig);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:175:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t year_len = strlen( year);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:176:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t day_len = strlen( day);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:199:20: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff + bytes_read, "%9s%n", tbuff, &tval) == 1
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:200:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen( tbuff) == 2)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:208:17: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff + bytes_read, "%9s%9s%n", minutes, seconds,
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:213:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( obuff + 38, seconds, strlen( seconds));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:217:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( seconds) < 6)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:219:20: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff + bytes_read, "%9s%n", tbuff, &tval) == 1
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:220:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen( tbuff) == 3)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:228:17: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff + bytes_read, "%9s%9s%n", minutes, seconds,
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:233:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( obuff + 51, seconds, strlen( seconds));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:234:17: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if( sscanf( buff + bytes_read, "%9s%n", tbuff, &tval) == 1
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:238:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( obuff + 65, tbuff, strlen( tbuff));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:244:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( obuff + 77, buff + strlen( buff) - 3, 3);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:459:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if( !i && strlen( lines[0]) > 8)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:483:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) < 22)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:589:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff_loc += strlen( buff) + 1;
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:712:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (!pass && !memcmp( buff, station_data[i] + 30, strlen( buff)))
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1084:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( obuff + strlen( obuff), "%c", ibuff[6]);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1109:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filesize += strlen( buff) + 1;
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1120:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval[lines_read + 1] = rval[lines_read] + strlen( buff) + 1;
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1141:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t slen = strlen( search);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1185:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( name);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1205:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( slen = strlen( desig); slen > 8; desig++, slen--)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1298:19: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( obuff, " ");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1361:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( obuff + strlen( obuff), " = %s", provisional_desig);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:1411:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  try_adding_comet_name( tbuff, obuff + strlen( obuff));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2403:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t line_len = strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:2508:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( buff) == 118)
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3005:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( buff + 1, buff + 4, strlen( buff + 3));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3201:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ilen = strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3585:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3588:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "These observations will be ignored.\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3616:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3625:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3746:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t iline_len = strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3751:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  debug_printf( "Input line len %d\n", (int)strlen( buff));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3772:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  debug_printf( "After fixup: %d\n", (int)strlen( buff));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3900:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( buff, name, strlen( name) + 1);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3909:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extract_region_data_for_mpc_station( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3953:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( tbuff, "=");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3954:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tbuff_len = strlen( tbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:3974:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t env_ptr_len = strlen( env_ptr);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4305:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i = strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4408:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "RA vel %s decvel %s dT=",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4410:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff += strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4454:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " radial vel %.3f km/s cross ",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4475:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " %s ago", tbuff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4486:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff += strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4490:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff += strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4494:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "mag=%5.2f ", optr->obs_mag);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4498:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "mag (computed)=%5.2f ",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4501:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  full_ctime( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4523:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *end_ptr = buff + strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4531:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "%d ", tilt_angle);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4533:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff += strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4540:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Obj alt %.1f",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4543:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " az %.1f",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4550:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff += strlen( buff);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4560:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " Sun alt %.1f",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4563:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " az %.1f",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4576:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4595:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "time sigma %g",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4598:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " RA bias %.3f\" dec bias %.3f\"",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4620:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_jpl_ephemeris_info( buff + strlen( buff));
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4662:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Mean RA residual %.3f +/- %.3f; dec %.3f +/- %.3f\n",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4676:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Observations are %.2f\" = %.2f' = %.3f degrees apart\n",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4679:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Time diff: %.2f sec = %.2f min = %.3f hrs\n",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4684:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Time diff: %.1f hrs = %.2f days\n",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4690:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "Motion: %.2f'/hr in RA, %.2f'/hr in dec",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4692:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " (total %.2f'/hr at PA %.1f)\n",
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4696:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_date_range_text( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4698:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, "\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4709:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( tptr, "\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4710:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr += strlen( tptr);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4733:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( tptr, "\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4734:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr += strlen( tptr);
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4740:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( tptr, "\n");
data/pluto-find-orb-0.0~git20180227/mpc_obs.cpp:4746:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  add_version_and_de_text( buff + strlen( buff));
data/pluto-find-orb-0.0~git20180227/mycurses.cpp:122:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen( str);
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:486:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_dist_in_buff( buff + strlen( buff), best_fit_planet_dist);
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:489:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " tp:%ld.%09ld",
data/pluto-find-orb-0.0~git20180227/orb_func.cpp:500:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_dist_in_buff( buff + strlen( buff), ref_orbit.q);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:218:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen( path); i && path[i - 1] != '\\'; i--)
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:276:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char end_char = buff[strlen( buff) - 1];
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:686:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( tptr, tptr + 2, strlen( tptr + 1));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:692:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr += strlen( tptr);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:753:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen( buff); buff[i - 1] == '0'; i--)
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1058:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( _stricmp( filename + strlen( filename) - 4, ".res"))
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1060:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( stricmp( filename + strlen( filename) - 4, ".res"))
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1478:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), "%d observations; ", ids->n_obs);
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1479:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_date_range_text( buff + strlen( buff),
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1482:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buff, "\n");
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1483:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  add_version_and_de_text( buff + strlen( buff));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1699:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (long)strlen( CT2A( str)));
data/pluto-find-orb-0.0~git20180227/orbitdlg.cpp:1719:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite( str, 1, strlen( CT2A( str)), ofile);

ANALYSIS SUMMARY:

Hits = 1519
Lines analyzed = 39444 in approximately 1.32 seconds (29903 lines/second)
Physical Source Lines of Code (SLOC) = 30738
Hits@level = [0] 576 [1] 288 [2] 971 [3] 6 [4] 254 [5] 0
Hits@level+ = [0+] 2095 [1+] 1519 [2+] 1231 [3+] 260 [4+] 254 [5+] 0
Hits/KSLOC@level+ = [0+] 68.1567 [1+] 49.4177 [2+] 40.0481 [3+] 8.45859 [4+] 8.26339 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.