Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/eph2.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/hex_comp.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/f_strtod.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/jpleph.h
Examining data/pluto-jpl-eph-0.0~git20180228/dump_eph.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/eph.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/watdefs.h
Examining data/pluto-jpl-eph-0.0~git20180228/ftest.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/testeph.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/eph2asc.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp
Examining data/pluto-jpl-eph-0.0~git20180228/jpl_int.h

FINAL RESULTS:

data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:140:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( buff, format_string, path_to_ascii_files,
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:325:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( output_filename, argv[i] + 2);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:342:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( path_to_ascii_files, argv[i]);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:353:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( buff, "%s%s", path_to_ascii_files, override_header_name);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:355:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( buff, "%sheader.%s", path_to_ascii_files, de_num);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:540:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( output_filename, "jpleph.%s", de_num);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:721:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf( verbose > 1 ? "\n" : "\r");
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:773:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( header, buff);
data/pluto-jpl-eph-0.0~git20180228/dump_eph.cpp:135:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf( format_str,
data/pluto-jpl-eph-0.0~git20180228/eph2.cpp:40:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( buff, (i == 3 ? ".%09ld" : "%02ld "), ival);
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:278:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( buff, test_file_name);
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:283:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( buff, ephfile_name);
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:289:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat( buff + i, extension);
data/pluto-jpl-eph-0.0~git20180228/watdefs.h:65:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  #define FSTRCPY strcpy
data/pluto-jpl-eph-0.0~git20180228/watdefs.h:67:22:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  #define FSTRCAT strcat
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:109:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ttl[3][84];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:110:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cnam[JPL_MAX_N_CONSTANTS][6];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:136:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[_MAX_PATH];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:142:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  rval = fopen( buff, "rb");
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:165:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  const int max_year = (atoi( de_num) == 431 ? 19000 : 6000);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[14];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[102];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path_to_ascii_files[_MAX_PATH];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:280:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char output_filename[_MAX_PATH];
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:333:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  verbose = atoi( argv[i] + 2);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:357:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ifile = fopen( buff, "rb");
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:407:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if( atoi( de_num) == 403)
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:426:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cnames + i * 6, buff, 6);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:428:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( rec1.cnam[i], buff, 6);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:458:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cval + i, temp, n_found * sizeof( double));
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:502:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  rec1.ipt[j][i] = (int32_t)atoi( buff + j * 6);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:503:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  rec1.lpt[i] = (int32_t)atoi( buff + 72);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:504:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  rpt[i] = (int32_t)atoi( buff + 78);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:505:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  tpt[i] = (int32_t)atoi( buff + 84);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:543:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ofile=fopen( output_filename, "wb");
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:767:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[102];
data/pluto-jpl-eph-0.0~git20180228/dump_eph.cpp:93:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char constant_name[7];
data/pluto-jpl-eph-0.0~git20180228/dump_eph.cpp:105:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int n_steps = atoi( argv[4]);
data/pluto-jpl-eph-0.0~git20180228/dump_eph.cpp:140:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char *text[3] = {
data/pluto-jpl-eph-0.0~git20180228/eph.cpp:34:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int planet_no = atoi( argv[1]), i;
data/pluto-jpl-eph-0.0~git20180228/eph.cpp:41:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ifile = fopen( "c:\\find_orb\\ps_1996.dat", "rb");
data/pluto-jpl-eph-0.0~git20180228/eph.cpp:61:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ifile = fopen( "elp82big.dat", "rb");
data/pluto-jpl-eph-0.0~git20180228/eph.cpp:81:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  switch( atoi( argv[3]))
data/pluto-jpl-eph-0.0~git20180228/eph2.cpp:59:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  const int home_planet = atoi( argv[1]), planet_no = atoi( argv[2]);
data/pluto-jpl-eph-0.0~git20180228/eph2.cpp:59:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  const int home_planet = atoi( argv[1]), planet_no = atoi( argv[2]);
data/pluto-jpl-eph-0.0~git20180228/eph2.cpp:70:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  center = atoi( argv[4]);
data/pluto-jpl-eph-0.0~git20180228/eph2.cpp:86:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[30];
data/pluto-jpl-eph-0.0~git20180228/eph2asc.cpp:43:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%25.15E", val);
data/pluto-jpl-eph-0.0~git20180228/eph2asc.cpp:44:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 20, "D%+03d", atoi( buff + 21) + 1);
data/pluto-jpl-eph-0.0~git20180228/eph2asc.cpp:44:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  sprintf( buff + 20, "D%+03d", atoi( buff + 21) + 1);
data/pluto-jpl-eph-0.0~git20180228/eph2asc.cpp:110:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[40];
data/pluto-jpl-eph-0.0~git20180228/ftest.cpp:1312:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ifile = fopen( "ftest.cpp", "rb");
data/pluto-jpl-eph-0.0~git20180228/ftest.cpp:1313:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[100];
data/pluto-jpl-eph-0.0~git20180228/hex_comp.cpp:8:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ifile1 = fopen( argv[1], "rb");
data/pluto-jpl-eph-0.0~git20180228/hex_comp.cpp:9:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ifile2 = fopen( argv[2], "rb");
data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp:699:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char title[84];
data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp:700:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ifile = fopen( ephemeris_filename, "rb");
data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp:722:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  de_version = atoi( title + 26);
data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp:823:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( rval, &temp_data, sizeof( struct jpl_eph_data));
data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp:843:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[7];
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:27:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[84 * 3];
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:78:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ifile = fopen( input_filenames[i], "rb");
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:90:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if( de_number != atoi( idata[i].header + 26))
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:94:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  atoi( idata[i].header + 26));
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:99:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  idata[i].jd_start = atol( idata[i].header + 102);
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:100:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  idata[i].jd_end = atol( idata[i].header + 186);
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:135:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ofile = fopen( output_filename, "wb");
data/pluto-jpl-eph-0.0~git20180228/merge_de.cpp:152:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ifile = fopen( idata[i].filename, "rb");
data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp:41:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuff[40];
data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp:43:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tbuff, "%9ld.5 ", jd);
data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp:48:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( buff, tbuff, strlen( tbuff));
data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp:55:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *ofile = fopen( sub_filename, "wb");
data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp:93:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuff[16];
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:178:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nams[JPL_MAX_N_CONSTANTS][6], buff[102];
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:199:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *error_messages[7] = {
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:229:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  output_frequency = atoi( argv[i] + 2);
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:286:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy( buff + i, "testpo");
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:291:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + strlen( buff), ".%3ld",
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:295:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  testfile = fopen( buff, "r");
data/pluto-jpl-eph-0.0~git20180228/watdefs.h:60:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define FMEMCPY memcpy
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:326:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen( argv[i]);
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:348:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat( path_to_ascii_files, "/");
data/pluto-jpl-eph-0.0~git20180228/asc2eph.cpp:350:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat( path_to_ascii_files, "\\");
data/pluto-jpl-eph-0.0~git20180228/jpleph.cpp:847:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while( fread( buff, 6, 1, ifile) && strlen( buff) == 6)
data/pluto-jpl-eph-0.0~git20180228/sub_eph.cpp:48:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy( buff, tbuff, strlen( tbuff));
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:284:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen( buff); i && buff[i - 1] != path_separator; i--)
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:291:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), ".%3ld",
data/pluto-jpl-eph-0.0~git20180228/testeph.cpp:413:12:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getchar( );
data/pluto-jpl-eph-0.0~git20180228/watdefs.h:68:22:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  #define FSTRNCPY strncpy
data/pluto-jpl-eph-0.0~git20180228/watdefs.h:71:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define FSTRLEN strlen

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 5088 in approximately 0.21 seconds (24149 lines/second)
Physical Source Lines of Code (SLOC) = 2350
Hits@level = [0] 189 [1]  10 [2]  65 [3]   0 [4]  15 [5]   0
Hits@level+ = [0+] 279 [1+]  90 [2+]  80 [3+]  15 [4+]  15 [5+]   0
Hits/KSLOC@level+ = [0+] 118.723 [1+] 38.2979 [2+] 34.0426 [3+] 6.38298 [4+] 6.38298 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.