Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/adestags.c
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/adestest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/afuncs.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/alt_az.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( "\n<b>%s: %.0f\"/hr in RA, %.0f\"/hr in dec (%.2f hours)</b>\n",
#else
 printf( "\n%s: %.0f\"/hr in RA, %.0f\"/hr in dec (%.2f hours)\n",
#endif
 buff, ra_motion, d
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/astfuncs.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/big_vsop.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/cgi_func.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/cgi_func.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/classel.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/colors.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/colors2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/comets.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/cospar2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/cosptest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/date.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/delta_t.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/dist.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/dist_pa.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/dist_pa2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/disttest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/eart2000.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/easter.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/elp82dat.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/eop_prec.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/get_bin.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/get_test.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/getplane.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/gust86.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/gust86.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/gust_ref.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/htc20b.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/jsats.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/jsattest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/keptest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/landgraf.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/lun_test.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/lunar.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/lunar2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/marstime.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mini_dll.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( obuff,
#else
 snprintf( obuff, sizeof( obuff),
#endif
 "%2d %-4s %10.6f %+10.6f %10.3f %9.7f %+10.7f %-15.15s ", code.planet, code.code, c
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_func.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/nutation.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/obliqui2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/obliquit.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/oblitest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/phases.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/pluto.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/precess.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/precess2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/prectes2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/prectest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/refract.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/refract4.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/relativi.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/riseset3.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/riseset3.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/rocks.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/snprintf.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/sof.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/solseqn.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/spline.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/ssats.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/ssattest.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/superga2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/test_ref.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/testprec.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/triton.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/uranus1.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/uranus2.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/utc_algo.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/utc_test.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/vislimit.cpp
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/vislimit.h
Examining data/pluto-lunar-0.0~git20180825.e34c1d1/vsopson.cpp

FINAL RESULTS:

data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:28:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:311:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "COM Sigmas %s", cptr->rms_ra);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:314:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff + strlen( obuff), "x%s", cptr->rms_dec);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:316:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff + strlen( obuff), ",%s", cptr->corr);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:321:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, cptr->rms_mag);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:327:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, cptr->rms_time);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:335:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "COM Offset center %s", cptr->center);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:340:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, cptr->line);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:345:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, cptr->line2);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:367:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "COD %s\n", name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:397:13: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf( obuff, format, (int)len, tptr);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:448:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->center, name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:509:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->rms_ra, name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:513:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->rms_dec, name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:517:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->corr, name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:521:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->rms_time, name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:525:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->rms_mag, name);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:693:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cptr->psv_hdr, buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:715:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, temp_obuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:728:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:808:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( orig_obuff, temp_obuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:119:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, data_path);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:120:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, filename);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:136:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( sof_header, buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:435:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:545:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ilines[n_ilines], buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:572:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( curr_station, ilines[n] + 77);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:710:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( results[j], tbuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:136:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( object_name, argv[i] + 2);
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:142:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tbuff, argv[i] + 2);
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:146:19: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( tbuff, argv[j]);
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:231:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tbuff, "%2d %s %4ld: %2ldh%02ldm%02ld.%lds %3d %5.2f' %6.3f %6.3f %4.1f %4.1f\n",
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:69:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "%s %d", months[month - 1], year);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:98:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, months[month - 1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:244:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[n_found] + 1, buff + loc);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:289:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[n_found] + 1, names[i]);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:321:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rval[n_found] + 1, (month < 6 ? "D'S'T begins" : "D'S'T ends"));
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:346:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tptr, phasestr);
data/pluto-lunar-0.0~git20180825.e34c1d1/cgi_func.cpp:168:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( field, tptr + 6);
data/pluto-lunar-0.0~git20180825.e34c1d1/cgi_func.cpp:173:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( filename, filename_ptr + 10);
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:123:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( text[n_found], ibuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:130:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( text[n_found++], ibuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:310:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, cd_path);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:311:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, big_comet_file);
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:206:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "%2d %2d%7.3lf %s", i, j,
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:101:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cospar_text[line], buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/easter.cpp:123:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:780:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tbuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:906:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, argv[i]);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:913:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "Integrat version %s %s\nIntegrating to %s = JD %.5f\n",
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1013:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "'%s' has elements for %s = JD %.1f\n",
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1118:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, buff2);
data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:151:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, argv[1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:155:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buff, argv[i]);
data/pluto-lunar-0.0~git20180825.e34c1d1/jsattest.cpp:57:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff, "j%s.txt", argv[1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:204:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( place_name + i, ", %s", buff + 6);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:335:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tbuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:354:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( buff, format_str, t2k);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:367:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  buff += sprintf( buff, "%s ",
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:381:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( month_str, (leading_zeroes ? "%02d" : "%2d"), month);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:384:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( month_str, set_month_name( month, NULL));
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:395:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( year_str, (leading_zeroes ? "%04ld" : "%4ld"), year);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:399:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  buff += sprintf( buff, "%s ", year_str);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:401:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( day_str, (leading_zeroes ? "%02d" : "%2d"), day);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:406:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  buff += sprintf( buff, "%s %s", month_str, day_str);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:408:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  buff += sprintf( buff, "%s %s", day_str, month_str);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:412:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  buff += sprintf( buff, " %s", year_str);
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:443:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buff + strlen( buff), " %s",
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:90:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "%s %s %11.8f ", perih_time, epoch_time, elem->q);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:334:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff, tbuff + 40);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:409:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff,
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:411:10: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf( obuff, sizeof( obuff),
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:30:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:668:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( packed_desig + 1, buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:149:10: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( is_leap ? "Is leap\n" : "Is normal\n");
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:61:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rock_name, tptr);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:177:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, " Peri%s %ld %s %.6f TT", pericenter_name, year,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:185:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff + strlen( obuff), " = %s (JD %.6f)",
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:194:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( obuff, "Epoch %4ld %s %9.6f TT = JDT %.6f", year,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:233:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( obuff,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:243:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, nineteen_blank_spaces);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:266:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( obuff, nineteen_blank_spaces);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:340:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( obuff, (elem->is_asteroid ? " H%7.1f G %4.2f" :
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:354:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, tbuff + i);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:360:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( obuff, tbuff + i);
data/pluto-lunar-0.0~git20180825.e34c1d1/snprintf.cpp:21:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...)
data/pluto-lunar-0.0~git20180825.e34c1d1/snprintf.cpp:28:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  rval = vsprintf( string, format, argptr);
data/pluto-lunar-0.0~git20180825.e34c1d1/snprintf.cpp:30:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rval = vsnprintf( string, max_len, format, argptr);
data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:65:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int snprintf( char *string, const size_t max_len, const char *format, ...);
data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:183:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buff + 29, strings[quad0]);
data/pluto-lunar-0.0~git20180825.e34c1d1/uranus2.cpp:132:22: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  h_gust86_lib = LoadLibrary( "gust86.dll");
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:37:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[83]; /* allow possible CR, LF, & null */
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:38:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line2[83];
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:39:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rms_ra[PIECE_SIZE], rms_dec[PIECE_SIZE], corr[PIECE_SIZE];
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:40:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rms_mag[PIECE_SIZE], rms_time[PIECE_SIZE], center[PIECE_SIZE];
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:297:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( optr, iptr, (ilen < 9 + leading_places) ? ilen : 9 + leading_places);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:320:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( obuff, " m:");
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:326:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( obuff, " t:");
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:357:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[40];
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:361:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( name, tptr, len);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:399:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( obuff, "COM Mangled name data\n");
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:404:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line + 77, tptr, 3);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:426:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int idx = atoi( tptr);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:440:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( obuff, "Bad <sys> tag\n");
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:478:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( obuff, "Bad posn data\n");
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:481:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &cptr->line2[dec_loc + 1], name + 1,
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:532:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[20];
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:536:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line, tbuff, 12);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:545:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line, tptr, len);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:554:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line + 5, tptr, len);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:556:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line + 12 - len, tptr, len);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:560:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line + 65, tptr, (len < 5) ? len : 5);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:676:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_obuff[300], *orig_obuff = NULL;
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:801:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line2, cptr->line, 12);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:802:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line2 + 15, cptr->line + 15, 17);
data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:803:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cptr->line2 + 77, cptr->line + 77, 3);
data/pluto-lunar-0.0~git20180825.e34c1d1/adestest.cpp:8:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( argv[1], "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/adestest.cpp:9:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:109:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sof_header[MAX_SOF_SIZE];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:114:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( filename, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:115:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[450];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:121:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( buff, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:188:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:256:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[20];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:266:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( filename, ".chk");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:269:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( filename, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:302:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( filename, "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:449:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[90];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:458:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *mpc_station_file = fopen( "ObsCodes.html", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:459:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curr_station[7];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:464:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mpc_station_file = fopen( "ObsCodes.htm", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:478:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  verbose = 1 + atoi( argv[i] + 2);
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:510:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( argv[1], "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:562:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *results[MAX_RESULTS + 1];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:563:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300];
data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:612:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( buff, ilines[n], 12);
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:119:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "astorb.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:120:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[300], object_name[40];
data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:159:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_intervals = atoi( argv[i] + 2);
data/pluto-lunar-0.0~git20180825.e34c1d1/big_vsop.cpp:133:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "big_vsop.bin", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *months[12] = { "January", "February", "March",
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:67:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:71:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + strlen( buff), " (JD %ld.5)",
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:82:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:99:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + strlen( buff), " %d", year);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:134:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  phase_file = fopen( phase_file_name, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:136:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  phase_file = fopen( "phases.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:197:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_for_year[40];
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:204:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( file_for_year, "date%d.txt", year);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:208:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *dates_file = fopen( pass ? file_for_year : date_filename, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:212:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:220:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  days[0] = (unsigned)atoi( buff + 3);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:268:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *names[3] = { "Rosh Hashanah", "Yom Kippur", "Easter" };
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:285:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  rval[n_found] = (char *)malloc( strlen( names[i]) + 2);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:337:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *phases[4] = { "*New moon", "*First quarter",
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:356:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const trailer_data[51] = {
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:443:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lines_used[35], phases_shown[35];
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:504:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%d/%d", i, i + 7);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:508:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%d", i);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:586:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *day_of_week_text[7] = { "Sunday", "Monday", "Tuesday",
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:621:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int month = atoi( argv[1]), year = atoi( argv[2]);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:621:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int month = atoi( argv[1]), year = atoi( argv[2]);
data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:627:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  year = atoi( argv[1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:42:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *argv[20];
data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:45:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char boundary[100], field[30];
data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:48:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *lock_file = fopen( "lock.txt", "w");
data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:88:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ofile = fopen( temp_obs_filename,
data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:101:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  verbose = atoi( verbosity + 1) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:119:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( field, "-r%.2f", search_radius * 3600.); /* cvt degrees to arcsec */
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:41:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i, month = 12, year = atoi( text[0] + 35), intercalary_month = 0;
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:58:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const long jd = atol( text[i]);
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:78:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( text[i] + 31, "%4di%5d\n", prev_month, prev_year);
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:86:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( text[i] + 31, "%4d%6d\n", month, year);
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:103:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *buff, *text[30], ibuff[60];
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:105:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( argv[1], "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:114:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_years = (short)atoi( argv[2]);
data/pluto-lunar-0.0~git20180825.e34c1d1/chinese.cpp:142:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ofile = fopen( "chinese.dat", "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:258:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int function = atoi( argv[1]), i;
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:259:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:260:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "loneos.phot", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:330:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:331:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "loneos.pho", "rb"), *ofile;
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:339:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( "loneos2.pho", "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:393:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( buff + BV_OFFSET, "%5.2f", b_minus_v);
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:398:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + VR_OFFSET, "%5.2f", v_minus_r);
data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:403:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + VI_OFFSET, "%5.2f", v_minus_i);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:68:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ostr, istr + i + 1, end - i);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:106:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi( loc + 1) > 1000 && atoi( loc + 1) < 2300)
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:106:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi( loc + 1) > 1000 && atoi( loc + 1) < 2300)
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:111:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ostr, loc, i);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:170:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "cometlim.bin", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:225:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofile = fopen( local_file, "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:234:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "comets.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:240:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_comets = atoi( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:245:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char period_name[50];
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:307:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( big_comet_file + 9, "rb"); /* think locally... */
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:312:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( buff, "rb"); /* ...then CD */
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:321:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_comets_in_file = atoi( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:329:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char period_name[50];
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:37:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char is_used[N_OBJECTS];
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:60:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( loc, tloc, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:136:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:143:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:155:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char t_used[N_OBJECTS];
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:263:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  home_planet = atoi( argv[i] + 1);
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:275:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_file = fopen( "d:\\z2", "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:282:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( val1, val2, 3 * N_OBJECTS * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/conjunct.cpp:283:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( val2, val3, 3 * N_OBJECTS * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:55:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[300];
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:71:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( cospar_filename, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:149:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  curr_obj_from_file = atoi( tptr + 4);
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:211:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  idx = atoi( tptr + 4);
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:214:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  multiplier = atoi( tptr + 3);
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:215:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  idx = atoi( tptr + 5);
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:307:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( matrix, prev_matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:325:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_matrix, matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:347:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_matrix, matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:357:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int planet_number = atoi( argv[1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:359:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int system_number = (argc > 3 ? atoi( argv[3]) : 0);
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar2.cpp:185:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( matrix, prev_matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar2.cpp:199:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_matrix, matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/cospar2.cpp:270:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_matrix, matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:118:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *month_names[N_MONTHS] = { "Jan", "Feb", "Mar",
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:123:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *day_of_week_names[7] = { "Sun", "Mon", "Tue", "Wed",
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:148:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char months[13] =
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:167:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( month_data, months, 13);
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:594:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &packed_val, chinese_calendar_data + 4 + 3 * index, 3);
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:675:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdata[N_MONTHS];
data/pluto-lunar-0.0~git20180825.e34c1d1/date.cpp:714:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char month_data[N_MONTHS];
data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp:145:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "ps_1996.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp:189:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  tbuff = (char *)malloc( (size_t)block_sizes[block]);
data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp:201:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( p.secular, tbuff, 12 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp:208:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( rval, &p, sizeof( POISSON));
data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp:340:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "ps_1996.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/de_plan.cpp:346:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p = load_ps1996_series( ifile, t0, atoi( argv[1]));
data/pluto-lunar-0.0~git20180825.e34c1d1/easter.cpp:138:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  year = atol( argv[1]) + (i % n_across) * n_down + i / n_across;
data/pluto-lunar-0.0~git20180825.e34c1d1/easter.cpp:151:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( month == atoi( argv[1]) && day == atoi( argv[2]))
data/pluto-lunar-0.0~git20180825.e34c1d1/easter.cpp:151:48: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( month == atoi( argv[1]) && day == atoi( argv[2]))
data/pluto-lunar-0.0~git20180825.e34c1d1/easter.cpp:183:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/elp82dat.cpp:336:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "elp82.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/elp82dat.cpp:390:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "elp82.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/eop_prec.cpp:94:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( filename, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/eop_prec.cpp:95:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/eop_prec.cpp:147:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rval = atoi( buff + 7) - 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/get_test.cpp:38:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( argc == 1 ? "get_test.txt" : argv[1], "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/get_test.cpp:42:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/get_test.cpp:60:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:366:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:494:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *search_text[4] = { " am", " a.m.", " pm", " p.m." };
data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:574:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tstr[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:577:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( tstr, str, (size_t)i);
data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:595:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tstr, str, (size_t)i);
data/pluto-lunar-0.0~git20180825.e34c1d1/htc20b.cpp:259:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *sat_name[3] = { "Helen", "Teles", "Calyp" };
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:127:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *rval = fopen( filename, permits);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:144:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( filename, "chunk%d.ugh", chunk_number);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:188:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( perturber_loc, loc + 12, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:301:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( perturber_loc, posn_data + i * 3, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:321:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( posn_data + asteroid_perturber_number * 3, posnvel,
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:395:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ovals, ivals[6], N_VALUES * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:419:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ovals, ivals, N_VALUES * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:432:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ovals, new_vals, N_VALUES * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:485:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( delta, new_delta, 6 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:566:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( epoch_buff + 1, "%02ld", year % 100L);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:585:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char check_bytes[20] = { 24, '.', 21, ' ',
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:597:34: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const long epoch_date = atol( buff + 81);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:601:44: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  elem->perih_time = dmy_to_day( 0, atoi( buff + 19),
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:602:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi( buff + 14), 0) + atof( buff + 22) - .5;
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:643:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + j, ibuff + 102, (size_t)len);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:648:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 55, ibuff + 14, 4); /* year */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:649:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( obuff + 52, ibuff + 19, 2); /* month */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:650:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 43, ibuff + 22, 8); /* day */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:651:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 62, "0.0", 3); /* mean anomaly = 0 for comets */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:652:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 73, ibuff + 30, 9); /* q */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:653:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 86, ibuff + 41, 8); /* ecc */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:654:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 96, ibuff + 71, 9); /* incl */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:655:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 108, ibuff + 51, 9); /* arg per */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:656:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 120, ibuff + 61, 9); /* asc node */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:657:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 132, "2000.0", 6);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:658:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 141, ibuff + 91, 9); /* magnitude data */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:659:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 154, "Epoch:", 6);
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:660:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( obuff + 160, ibuff + 81, 8); /* epoch */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:738:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 26, "%9.5f %9.5f %9.5f %9.5f%12.8f",
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:744:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 79, "%12.8f%12.7f", (180. / PI) / elem.t0,
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:750:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[50];
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:759:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff + 30, "%9.6f%10.6f %9.5f %9.5f %9.5f",
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:769:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 81, tbuff, 4); /* year */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:770:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 85, tbuff + 5, 2); /* month */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:771:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff + 87, tbuff + 8, 2); /* day */
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:777:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:835:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[220], time_buff[60];
data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:847:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *new_args[5] = { NULL, "nea.dat", "neatod.dat", data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:946:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_asteroids = atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:954:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). resync_freq = atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:964:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). verbose = 1 + atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:969:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_processes = atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1024:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buff, "%d asteroids to be integrated\n", total_asteroids_in_file); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1039:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch( atoi( buff)) data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1060:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile_name[50]; data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1091:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( outfile_name, "chunk%d.ugh", process_number); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1107:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff2[220]; data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1139:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[30]; data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:1141:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy( tbuff, buff, 29); data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:42:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *islamic_month_names[12] = { data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *hebrew_month_names[13] = { data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *french_month_names[12] = { data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:60:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *french_extra_day_names[6] = { data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:92:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *ifile = fopen( filename, "rb"); data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:145:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[90]; data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:148:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "+0"); /* show current time */ data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:180:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *calendar_names[9] = { data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:71:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *event_str[4] = {"Occ", "Tra", "Ecl", "Sha"}; data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:72:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[80]; data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:193:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vsop_file = fopen( "vsop.bin", "rb"); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:210:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vsop_data + (unsigned)i * VSOP_CHUNK, vsop_tbuff, VSOP_CHUNK); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:239:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sat_no = (unsigned)atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:242:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_days = (unsigned)atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:245:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
ofile = fopen( argv[i] + 2, "wb"); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:248:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). data_file = fopen( argv[i] + 2, "ab"); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:261:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jd = dmy_to_day( 0, atoi( argv[2]), atol( argv[3]), (int)julian); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:261:40: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jd = dmy_to_day( 0, atoi( argv[2]), atol( argv[3]), (int)julian); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:304:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &temp, e + j + gap, sizeof( EVENT)); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:305:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( e + j + gap, e + j, sizeof( EVENT)); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:306:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( e + j, &temp, sizeof( EVENT)); data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:335:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[5]; data/pluto-lunar-0.0~git20180825.e34c1d1/jevent.cpp:341:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buff, &tval, sizeof( int32_t)); data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:34:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = (argc > 1 ? fopen( argv[1], "rb") : NULL); data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:36:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:38:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int sat_id = (argc > 1 ? atoi( argv[1]) : 0); data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:60:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buff, "%d.b32", sat_id); data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:61:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile = fopen( buff, "wb"); data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:113:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%d %d %10.1f %f %ld %d %g %d %d ", data/pluto-lunar-0.0~git20180825.e34c1d1/jsattest.cpp:46:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/pluto-lunar-0.0~git20180825.e34c1d1/jsattest.cpp:58:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile = fopen( buff, "rb"); data/pluto-lunar-0.0~git20180825.e34c1d1/jsattest.cpp:72:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). double loc[15], *tptr = loc + atoi( argv[1]) * 3 - 3; data/pluto-lunar-0.0~git20180825.e34c1d1/lun_test.cpp:27:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char place_name[100]; data/pluto-lunar-0.0~git20180825.e34c1d1/lun_test.cpp:38:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). year = atoi( argv[1]); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_test.cpp:39:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). month = atoi( argv[2]); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_test.cpp:40:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). zip_code = atoi( argv[3]); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_test.cpp:58:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char transit_buff[6], antitransit_buff[6]; data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:170:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( buff, "--:--"); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:175:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%02d:%02d", minutes / 60, minutes % 60); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:183:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( "zips5.txt", "rb"); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:184:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:190:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( atoi( buff) == zip_code) data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:194:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *time_zone = atoi( buff + 35); data/pluto-lunar-0.0~git20180825.e34c1d1/lun_tran.cpp:195:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *use_dst = atoi( buff + 39); data/pluto-lunar-0.0~git20180825.e34c1d1/marstime.cpp:155:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%02d:%02d:%02d.%03d", data/pluto-lunar-0.0~git20180825.e34c1d1/marstime.cpp:168:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:255:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rval = atoi( desig + 1) - 1; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:329:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[40]; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:331:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( tbuff, "%21.16Lf", t2k / 365.25 + 2000.); data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:344:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format_str[10]; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:346:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( format_str, "JD %%.%dLf", precision); data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:376:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char month_str[25]; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:377:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char year_str[10]; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:378:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char day_str[15]; data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:393:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( year_str, "%02d", abs( (int)year % 100)); data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:424:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%2ld:%02ld:%02ld", i / 3600L, (i / 60) % 60L, data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:428:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%2ld:%02ld", i / 60L, i % 60L); data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:431:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buff, "%2ld", i); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:39:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_perih[15]; data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:48:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( t_perih, buff + 105, 14); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:65:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( name + 5, iline + 166, 7); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:71:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( name, iline + 175, 12); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:82:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char perih_time[20], epoch_time[20]; data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:98:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *rval = fopen( filename, permits); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:153:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int na = (astr[7] == ' ' ? 0 : atoi( astr + 7)); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:154:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int nb = (bstr[7] == ' ' ? 0 : atoi( bstr + 7)); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:165:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
rval = atoi( astr + 2) - atoi( bstr + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:165:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rval = atoi( astr + 2) - atoi( bstr + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:170:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rval = atoi( astr + 11) - atoi( bstr + 11); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:170:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rval = atoi( astr + 11) - atoi( bstr + 11); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:187:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[400], *obuff = (char *)calloc( MAX_ORBITS, reclen); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:188:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tbuff[MAX_OUT]; data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:189:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( (argc > 1 ? argv[1] : "mpcorb.dat"), "rb"); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:205:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[30]; data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:210:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff + strlen( tbuff), "%.4s %.5s ", data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:212:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tbuff + strlen( tbuff), "%.8s %.5s %.5s\n", data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:215:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( obuff + n_out * reclen, tbuff, reclen); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:231:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *tptr, name[13]; data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:236:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( name, buff + 3, 12); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:243:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( name, buff, 4); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:248:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( name + 4, tptr - 1, 2); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:250:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( name + 4, tptr - 2, 3); data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:254:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( tbuff, " "); /* rms, number obs */ data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:255:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( tbuff, " \n"); /* Tlast, H, G */ data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:257:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy( obuff + n_out * reclen, tbuff, reclen);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:246:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rval = atoi( tptr + 1);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:290:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( cinfo->code, buff, 4);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:306:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "geo_rect.txt", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:313:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[90];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:356:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( (argc < 2 ? "ObsCodes.htm" : argv[1]), "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:357:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:367:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "ObsCodes.html", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:399:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char region[100], obuff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:162:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[18];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:172:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tbuff, buff + 15, 17);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:184:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  year = atoi( tbuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:185:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  month = atoi( tbuff + 5);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:190:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rval = (double)atoi( tbuff + 8) +
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:191:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (double)atoi( tbuff + 11) / (double)divisor;
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:324:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[13];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:333:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buff, ibuff, 12);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:346:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tval = atoi( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:526:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char net1[80], net2[80], rval = 0;
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:574:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[20], comet_desig = 0;
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:596:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  number = atoi( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:610:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *surveys[4] = { "P-L", "T-1", "T-2", "T-3" };
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:614:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *surveys_packed[4] = {
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:617:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( packed_desig + 8, buff, 4);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:618:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( packed_desig + 5, surveys_packed[i], 3);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:638:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sub_designator = atoi( buff + i);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:654:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int number = atoi( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:657:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( packed_desig, "%04d%c ", number, comet_desig);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:659:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( packed_desig, "%c%04d ", mutant_hex( number / 10000),
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_func.h:41:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[5];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb.cpp:148:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  epoch_jd = atoi( buff + 106);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb2.cpp:54:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[210];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb2.cpp:94:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "mpcorb.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb2.cpp:96:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb2.cpp:107:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long rec_num = atol( argv[1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/obliqui2.cpp:511:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( t_cen < 0. ? "prec0n.asc" : "prec0p.asc", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/obliqui2.cpp:516:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/oblitest.cpp:39:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned n_steps = (argc > 3 ? (unsigned)atoi( argv[3]) : 21);
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:94:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long year = atol( argv[1]), n_years, year0;
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:124:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_years = atol( argv[2]);
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:177:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long y1 = atol( argv[1]);
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:178:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long y2 = atol( argv[2]);
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:181:21: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long const1 = atol( argv[3]), const2 = 10000L;
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:194:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const2 = atol( argv[4]);
data/pluto-lunar-0.0~git20180825.e34c1d1/phases.cpp:79:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/phases.cpp:85:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vsop_file = fopen( "vsop.bin", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/phases.cpp:121:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_file = fopen( argv[i] + 2, "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/phases.cpp:124:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  data_file = fopen( argv[i] + 2, "wb");
data/pluto-lunar-0.0~git20180825.e34c1d1/phases.cpp:145:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *phase_name[4] = {
data/pluto-lunar-0.0~git20180825.e34c1d1/precess.cpp:165:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( matrix, prev_matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/precess.cpp:172:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( matrix, prev_matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/precess.cpp:194:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( matrix, product, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/precess.cpp:198:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( prev_matrix, matrix, 9 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/precess.cpp:343:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *titles[3] = { "From ecliptic", "Equatorial 'straight'",
data/pluto-lunar-0.0~git20180825.e34c1d1/prectest.cpp:56:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/prectest.cpp:86:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *labels[3] = { "IAU1976 precession, no nutation:", "With IAU1980 nutation:",
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:156:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( buff, "%02ldh %02ldm %02ld.%04lds ",
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:170:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buff, "%02ld %02ld' %02ld.%03ld\" ",
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:201:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "elp82.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:212:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:259:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile = fopen( "ps_1996.dat", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:286:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *planet_names[10] = {
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:293:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( buff, "No data for that time");
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:37:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( argv[1], "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:38:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:39:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rock_name[80];
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:66:58: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  printf( "\n { %d, /* %s %s*/\n", atoi( buff + 17),
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:75:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int field_no = atoi( buff + 9);
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:76:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *comment[10] = { NULL,
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:88:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tptr, " * PI / 180.");
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:91:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  comment[atoi( buff + 9)]);
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:95:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tptr, " * PI / 180.,");
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:100:10: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( tptr, " * PI / 180. },");
data/pluto-lunar-0.0~git20180825.e34c1d1/relativi.cpp:83:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( perturber_loc, loc + 12, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/relativi.cpp:191:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ovals, ivals[6], n_vals * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/relativi.cpp:212:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( delta, new_delta, 6 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/relativi.cpp:227:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( "vsop.bin", "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/riseset3.cpp:38:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ifile = fopen( filename, "rb");
data/pluto-lunar-0.0~git20180825.e34c1d1/riseset3.cpp:95:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pdata->ecliptic_loc, loc, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/riseset3.cpp:102:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pdata->equatorial_loc, loc, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/riseset3.cpp:110:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pdata->altaz_loc, loc, 3 * sizeof( double));
data/pluto-lunar-0.0~git20180825.e34c1d1/rocks.cpp:728:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i, jpl_id = atoi( argv[2]);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:105:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( obuff, " <HUGE>");
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:109:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "%23.15f", dist_in_au);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:111:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "%23.18f", dist_in_au);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:114:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "%23.16f", dist_in_au * AU_IN_KM);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:126:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( obuff, "km");
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:135:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff + strlen( obuff), "%+*.*f%+*.*f",
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:168:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *perinames[N_PERICENTERS] = { "barion",
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:181:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hhmmss[20];
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:219:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "M%20.15f", mean_anomaly * 180. / PI);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:223:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat( obuff, " (2000.0) P Q");
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:250:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "n%*.*f", n_digits_to_show + 8, n_digits_to_show + 3,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:256:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "Peri.%*.*f",
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:277:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "Node %*.*f", n_digits_to_show + 6, n_digits_to_show,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:287:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "e 1.0 ");
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:290:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "e%*.*f", n_digits_to_show + 8,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:296:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( obuff, "Incl.%*.*f", n_digits_to_show + 6, n_digits_to_show,
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:314:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[40]; data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:319:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, "P!!!!!!!"); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:321:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, "P%7ld", (long)t0); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:323:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, "P%7.2f", t0); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:325:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, "/%6.2fd ", t0_in_days); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:327:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, " "); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:332:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, "P%7.2fm/%5.3fd ", data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:336:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. obuff += sprintf( obuff, "P%7.2fd ", t0_in_days); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:350:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( obuff, " q "); data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:356:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( obuff, " Q "); data/pluto-lunar-0.0~git20180825.e34c1d1/sof.cpp:119:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). elem->central_obj = atoi( buff); data/pluto-lunar-0.0~git20180825.e34c1d1/sof.cpp:180:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ifile = fopen( argv[1], "rb"); data/pluto-lunar-0.0~git20180825.e34c1d1/sof.cpp:181:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char header_line[MAX_LEN], buff[MAX_LEN]; data/pluto-lunar-0.0~git20180825.e34c1d1/solseqn.cpp:115:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). verbose = 1 + atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/solseqn.cpp:118:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). output_mask = atoi( argv[i] + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/solseqn.cpp:121:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). output_file = fopen( argv[i] + 2, "w"); data/pluto-lunar-0.0~git20180825.e34c1d1/solseqn.cpp:134:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_buff[80]; data/pluto-lunar-0.0~git20180825.e34c1d1/solseqn.cpp:135:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char *season_text[4] = data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:92:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int i, year = atoi( argv[1]); data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:104:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). month_start = month_end = atoi( argv[2]); data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:125:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:134:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff, "Su"); data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:142:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( buff + offsets[j], "--:--"); data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:174:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy( buff + 29, phase_names + quad0 * 3, 2); data/pluto-lunar-0.0~git20180825.e34c1d1/tables.cpp:180:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *strings[4] = data/pluto-lunar-0.0~git20180825.e34c1d1/uranus1.cpp:107:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sat_names[5] = { data/pluto-lunar-0.0~git20180825.e34c1d1/utc_algo.cpp:70:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int mjd = atoi( argv[1]); data/pluto-lunar-0.0~git20180825.e34c1d1/utc_algo.cpp:101:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). while( mjd < atoi( argv[2])) data/pluto-lunar-0.0~git20180825.e34c1d1/utc_test.cpp:44:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int year = (argc > 1 ? 
atoi( argv[1]) : 1970); data/pluto-lunar-0.0~git20180825.e34c1d1/utc_test.cpp:45:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int end_year = (argc > 2 ? atoi( argv[2]) : 2040); data/pluto-lunar-0.0~git20180825.e34c1d1/vsopson.cpp:61:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. assert( ((char *)data)[2] == '&'); /* verify a few bytes at random */ data/pluto-lunar-0.0~git20180825.e34c1d1/vsopson.cpp:62:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. assert( ((char *)data)[20] == 'x'); data/pluto-lunar-0.0~git20180825.e34c1d1/vsopson.cpp:63:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. assert( ((char *)data)[0xea0a] == 'q'); data/pluto-lunar-0.0~git20180825.e34c1d1/vsopson.cpp:98:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
if( ((char FAR *)data)[2] == 38) data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:314:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( obuff + strlen( obuff), "x%s", cptr->rms_dec); data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:316:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( obuff + strlen( obuff), ",%s", cptr->corr); data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:331:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( obuff, "\n"); data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:591:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( cptr->line + 80, "\n"); data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:593:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( cptr->line2 + 80, "\n"); data/pluto-lunar-0.0~git20180825.e34c1d1/ades2mpc.cpp:691:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cptr->psv_hdr = (char *)malloc( strlen( buff) + 1); data/pluto-lunar-0.0~git20180825.e34c1d1/adestags.c:64:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( tags[i]) + 4; data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:43:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( buff) < 80 || strlen( buff) > 83) data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:43:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( buff) < 80 || strlen( buff) > 83) data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:134:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). record_length = (int)strlen( buff); data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:544:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilines[n_ilines] = (char *)malloc( strlen( buff) + 1); data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:700:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf( tbuff + strlen( tbuff), data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:701:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sizeof( tbuff) - strlen( tbuff), data/pluto-lunar-0.0~git20180825.e34c1d1/astcheck.cpp:709:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). results[j] = (char *)malloc( strlen( tbuff) + 1); data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:102:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( obj_name, " "); data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:103:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while( memcmp( buff + 7, obj_name, strlen( obj_name))) data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:130:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( object_name, "1"); /* default to Ceres */ data/pluto-lunar-0.0~git20180825.e34c1d1/astephem.cpp:145:19: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( tbuff, " "); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:71:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf( buff + strlen( buff), " (JD %ld.5)", data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:74:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). X0 + 7 * XSIZE / 2 - (int)strlen( buff) * 20 / 3, data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:99:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buff + strlen( buff), " %d", year); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:102:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x0 + (28 - (int)strlen( buff)) * TEXT_XOFFSET / 2, y0, buff); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:178:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( buff + 4, buff + 1, strlen( buff)); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:285:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rval[n_found] = (char *)malloc( strlen( names[i]) + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:342:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rval[n_found] = tptr = (char *)malloc( strlen( phasestr) + 20); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:515:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const int xboxsize = TEXT_XOFFSET + 8 * (int)strlen( buff); data/pluto-lunar-0.0~git20180825.e34c1d1/calendar.cpp:591:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen( day_of_week_text[i]) * 4, data/pluto-lunar-0.0~git20180825.e34c1d1/cgi_func.cpp:180:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes_read += strlen( buff + bytes_read); data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:86:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( buff) > 70) data/pluto-lunar-0.0~git20180825.e34c1d1/cgicheck.cpp:91:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes_written += fwrite( buff, 1, strlen( buff), ofile); data/pluto-lunar-0.0~git20180825.e34c1d1/colors.cpp:343:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( buff) > 60) data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:262:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( period_name, period_name + 2, strlen( period_name)); data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:292:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
periodics[n_periodics] = (char FAR *)FMALLOC( strlen( period_name) + 2); data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:323:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cometg_line_size = strlen( buff); data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:337:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( period_name, period_name + 2, strlen( period_name)); data/pluto-lunar-0.0~git20180825.e34c1d1/com_file.cpp:350:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( buff + 137, buff + 143, strlen( buff + 142)); data/pluto-lunar-0.0~git20180825.e34c1d1/cospar.cpp:96:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( buff + i, buff + i + 1, strlen( buff + i)); data/pluto-lunar-0.0~git20180825.e34c1d1/eop_prec.cpp:75:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( iline) != eop_iline_len || iline[12] != '.' data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:96:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen( str); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:111:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = (int)strlen( str); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:138:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen( istr); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:179:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen( istr); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:194:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( istr, istr + i, strlen( istr + i) + 1); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:204:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t sublen = strlen( substring); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:206:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove( rval, rval + sublen, strlen( rval + sublen) + 1); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:374:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( time_str) >= sizeof( buff) || !*time_str) data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:401:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i = (int)strlen( str); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:484:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen( str); data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:518:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i = (int)strlen( str); i && str[i - 1] != ' ' && !isalpha( str[i - 1]); i--) data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:614:17: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if( sscanf( str, "%79s", tstr) == 1) data/pluto-lunar-0.0~git20180825.e34c1d1/get_time.cpp:620:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str += strlen( tstr); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:583:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( buff) > 104) data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:672:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( buff) > 200 && buff[10] == '.' && buff[16] == '.' && data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:758:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buff[strlen( buff)] = ' '; data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:763:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buff[strlen( buff)] = ' '; data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:781:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( buff, "\n"); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:888:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_offsets[hash_loc] = ftell( update_file) - strlen( buff); data/pluto-lunar-0.0~git20180825.e34c1d1/integrat.cpp:905:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( buff, " "); data/pluto-lunar-0.0~git20180825.e34c1d1/jd.cpp:154:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( buff, " "); data/pluto-lunar-0.0~git20180825.e34c1d1/jpl2b32.cpp:69:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  strlen( buff) > 54 && !memcmp( buff + 17, " = A.D.", 7)
data/pluto-lunar-0.0~git20180825.e34c1d1/jsattest.cpp:69:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) > 56 && !memcmp( buff + 37, "00:00:00.0000 (CT)", 18))
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:439:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  show_remainder( buff + strlen( buff), remains - (double)i,
data/pluto-lunar-0.0~git20180825.e34c1d1/miscell.cpp:443:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buff + strlen( buff), " %s",
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:37:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) > 116 && buff[113] == '.')
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:91:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( obuff + strlen( obuff), 45, "%10.6f %10.6f %10.6f %10.8f ",
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:186:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t reclen = strlen( sof_header);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:202:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) == 203 &&
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:210:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( tbuff + strlen( tbuff), "%.4s %.5s ",
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:212:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( tbuff + strlen( tbuff), "%.8s %.5s %.5s\n",
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:214:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen( tbuff) == reclen);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc2sof.cpp:256:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen( tbuff) == reclen);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_code.cpp:221:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( i >= 3 && i <= 4 && strlen( buff) >= 30)
data/pluto-lunar-0.0~git20180825.e34c1d1/mpc_fmt.cpp:163:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb.cpp:94:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) > 200 && buff[47] == ' ' && buff[82] == '.' &&
data/pluto-lunar-0.0~git20180825.e34c1d1/mpcorb.cpp:145:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( buff) > 267
data/pluto-lunar-0.0~git20180825.e34c1d1/obliqui2.cpp:533:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fseek( ifile, iloc * (long)strlen( buff), SEEK_SET);
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:215:27: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  for( year = y1; !mismatch && year < y2; year++)
data/pluto-lunar-0.0~git20180825.e34c1d1/persian.cpp:227:15: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if( !mismatch)
data/pluto-lunar-0.0~git20180825.e34c1d1/ps_1996.cpp:159:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff += strlen( buff);
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:70:10: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( tptr, ",");
data/pluto-lunar-0.0~git20180825.e34c1d1/rckin.cpp:89:10: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( tptr, ",");
data/pluto-lunar-0.0~git20180825.e34c1d1/relativi.cpp:258:19: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define _getch getchar
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:135:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( obuff + strlen( obuff), "%+*.*f%+*.*f",
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:164:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:185:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( obuff + strlen( obuff), " = %s (JD %.6f)",
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:188:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:197:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = 0; i < 5 && obuff[strlen( obuff) - (size_t)i - 1] == '0'; i++)
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:199:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff[strlen( obuff) - (size_t)i] = '\0';
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:202:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove( tptr, tptr + i, strlen( tptr) + 1);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:204:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:211:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = (int)strlen( obuff); i < n_digits_to_show + 6; i++)
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:224:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:254:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:262:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:272:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = (int)strlen( obuff); i < n_digits_to_show + 9; i++)
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:275:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:283:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:294:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:302:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff) + 1;
data/pluto-lunar-0.0~git20180825.e34c1d1/showelem.cpp:347:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  obuff += strlen( obuff);
data/pluto-lunar-0.0~git20180825.e34c1d1/sof.cpp:197:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && tptr[strlen( argv[2])] == ' ')

ANALYSIS SUMMARY:

Hits = 620
Lines analyzed = 26335 in approximately 0.97 seconds (27027 lines/second)
Physical Source Lines of Code (SLOC) = 18477
Hits@level = [0] 638 [1] 101 [2] 428 [3] 1 [4] 90 [5] 0
Hits@level+ = [0+] 1258 [1+] 620 [2+] 519 [3+] 91 [4+] 90 [5+] 0
Hits/KSLOC@level+ = [0+] 68.0846 [1+] 33.5552 [2+] 28.089 [3+] 4.92504 [4+] 4.87092 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.