Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pnetcdf-1.12.1/src/include/dispatch.h
Examining data/pnetcdf-1.12.1/src/include/nctypes.h
Examining data/pnetcdf-1.12.1/src/include/pnc_debug.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.h
Examining data/pnetcdf-1.12.1/src/utils/ncvalidator/tst_open.c
Examining data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpidiff/ncmpidiff.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/generic.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigen.h
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/init.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/getfill.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/escapes.c
Examining data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c
Examining data/pnetcdf-1.12.1/src/utils/pnetcdf_version/pnetcdf_version.c
Examining data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c
Examining data/pnetcdf-1.12.1/src/libs/strcasecmp.c
Examining data/pnetcdf-1.12.1/src/libs/strdup.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_attr.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_file.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_util.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_var.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_mem.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log_flush.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_sharedfile.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_misc.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_dim.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log_put.c
Examining data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_nonblocking.c
Examining data/pnetcdf-1.12.1/src/drivers/include/common.h
Examining data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_driver.c
Examining data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_var.c
Examining data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_dim.c
Examining data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_driver.h
Examining data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_attr.c
Examining data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_file.c
Examining data/pnetcdf-1.12.1/src/drivers/common/pack_unpack.c
Examining data/pnetcdf-1.12.1/src/drivers/common/error_mpi2nc.c
Examining data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c
Examining data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c
Examining data/pnetcdf-1.12.1/src/drivers/common/create_imaptype.c
Examining data/pnetcdf-1.12.1/src/drivers/common/hash_map.c
Examining data/pnetcdf-1.12.1/src/drivers/common/check_name.c
Examining data/pnetcdf-1.12.1/src/drivers/common/error_adios2nc.c
Examining data/pnetcdf-1.12.1/src/drivers/common/utf8proc_data.h
Examining data/pnetcdf-1.12.1/src/drivers/common/utf8proc.h
Examining data/pnetcdf-1.12.1/src/drivers/common/dtype_decode.c
Examining data/pnetcdf-1.12.1/src/drivers/common/error_posix2nc.c
Examining data/pnetcdf-1.12.1/src/drivers/common/utils.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_bput.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_put.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_NC.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_enddef.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_create.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_close.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_io.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/util.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/macro.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/fbits.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/filetype.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/rnd.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/ncmpidtype.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/check_start_count_stride.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/ncio.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/swap.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/string.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_driver.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_open.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_driver.h
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_wait.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_sync.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_vard.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c
Examining data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_filetype.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_nonblocking.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_dim.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_driver.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_driver.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_lists.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_var.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/strutil.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/types.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_transport_hooks.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_timing.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/qhashtbl.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_bp_v1.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/transforms/plugindetect/detect_plugin_types.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/transforms/adios_transforms_specparse.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/transforms/transform_plugins.h
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_misc.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_file.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c
Examining data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c
Examining data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_driver.c
Examining data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_driver.h
Examining data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_dim.c
Examining data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c
Examining data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_var.c
Examining data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_attr.c
Examining data/pnetcdf-1.12.1/src/binding/f77/mpinetcdf_impl.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFloat.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiEnumType.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpi_notyet.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiChar.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiException.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVarAtt.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiException.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUint.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiCheck.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFloat.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiByte.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroupAtt.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUshort.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiInt.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiCompoundType.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiOpaqueType.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUshort.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiInt.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiDim.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiShort.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiShort.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiEnumType.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiCheck.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiDouble.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiDim.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiByte.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVar.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroupAtt.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUbyte.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroup.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiInt64.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiType.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpi_notyet.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFile.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUint64.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiInt64.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVar.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroup.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiOpaqueType.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiChar.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUint.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiCompoundType.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUbyte.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiAtt.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVlenType.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiType.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFile.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiAtt.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiDouble.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVlenType.cpp
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVarAtt.h
Examining data/pnetcdf-1.12.1/src/binding/cxx/ncmpiUint64.h
Examining data/pnetcdf-1.12.1/src/dispatchers/variable.c
Examining data/pnetcdf-1.12.1/src/dispatchers/attribute.c
Examining data/pnetcdf-1.12.1/src/dispatchers/lib_version.c
Examining data/pnetcdf-1.12.1/src/dispatchers/error_codes.c
Examining data/pnetcdf-1.12.1/src/dispatchers/file.c
Examining data/pnetcdf-1.12.1/src/dispatchers/dimension.c
Examining data/pnetcdf-1.12.1/benchmarks/C/aggregation.c
Examining data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c
Examining data/pnetcdf-1.12.1/examples/burst_buffer/create_open.c
Examining data/pnetcdf-1.12.1/examples/burst_buffer/nonblocking.c
Examining data/pnetcdf-1.12.1/examples/CXX/put_vara.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/get_vara.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/vard_int.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/column_wise.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/block_cyclic.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/put_varn_float.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/transpose.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/fill_mode.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/hints.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/SimpleXyWr.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/get_info.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/put_varn_int.cpp
Examining data/pnetcdf-1.12.1/examples/CXX/flexible_api.cpp
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nfiles.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nb.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-from-master.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nfiles.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-from-master.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-permute.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-flexible.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-flexible.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-standard.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-buffered.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-standard.c
Examining data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nb.c
Examining data/pnetcdf-1.12.1/examples/adios/read_var_nb.c
Examining data/pnetcdf-1.12.1/examples/adios/read_metadata.c
Examining data/pnetcdf-1.12.1/examples/adios/read_var.c
Examining data/pnetcdf-1.12.1/examples/C/vard_int.c
Examining data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c
Examining data/pnetcdf-1.12.1/examples/C/pthread.c
Examining data/pnetcdf-1.12.1/examples/C/put_vara.c
Examining data/pnetcdf-1.12.1/examples/C/mpi_subarray.c
Examining data/pnetcdf-1.12.1/examples/C/fill_mode.c
Examining data/pnetcdf-1.12.1/examples/C/collective_write.c
Examining data/pnetcdf-1.12.1/examples/C/global_attributes.c
Examining data/pnetcdf-1.12.1/examples/C/vard_mvars.c
Examining data/pnetcdf-1.12.1/examples/C/get_info.c
Examining data/pnetcdf-1.12.1/examples/C/i_varn_int64.c
Examining data/pnetcdf-1.12.1/examples/C/put_varn_float.c
Examining data/pnetcdf-1.12.1/examples/C/ghost_cell.c
Examining data/pnetcdf-1.12.1/examples/C/bput_varn_int64.c
Examining data/pnetcdf-1.12.1/examples/C/nonblocking_write.c
Examining data/pnetcdf-1.12.1/examples/C/flexible_api.c
Examining data/pnetcdf-1.12.1/examples/C/req_all.c
Examining data/pnetcdf-1.12.1/examples/C/transpose2D.c
Examining data/pnetcdf-1.12.1/examples/C/transpose.c
Examining data/pnetcdf-1.12.1/examples/C/get_vara.c
Examining data/pnetcdf-1.12.1/examples/C/hints.c
Examining data/pnetcdf-1.12.1/examples/C/block_cyclic.c
Examining data/pnetcdf-1.12.1/examples/C/column_wise.c
Examining data/pnetcdf-1.12.1/examples/C/create_open.c
Examining data/pnetcdf-1.12.1/examples/C/bput_varn_uint.c
Examining data/pnetcdf-1.12.1/examples/C/mput.c
Examining data/pnetcdf-1.12.1/examples/C/time_var.c
Examining data/pnetcdf-1.12.1/examples/C/put_varn_int.c
Examining data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c
Examining data/pnetcdf-1.12.1/test/nc4/rd_compressed.c
Examining data/pnetcdf-1.12.1/test/nc4/noclobber.c
Examining data/pnetcdf-1.12.1/test/nc4/simple_xy.c
Examining data/pnetcdf-1.12.1/test/nc4/compressed.c
Examining data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c
Examining data/pnetcdf-1.12.1/test/nc4/notsupport.c
Examining data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c
Examining data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c
Examining data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c
Examining data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c
Examining data/pnetcdf-1.12.1/test/burst_buffer/highdim.c
Examining data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c
Examining data/pnetcdf-1.12.1/test/burst_buffer/bb_many_reqs.c
Examining data/pnetcdf-1.12.1/test/burst_buffer/varn.c
Examining data/pnetcdf-1.12.1/test/burst_buffer/bb_nonblocking.c
Examining data/pnetcdf-1.12.1/test/subfile/test_subfile.c
Examining data/pnetcdf-1.12.1/test/nonblocking/interleaved.c
Examining data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c
Examining data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c
Examining data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c
Examining data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c
Examining data/pnetcdf-1.12.1/test/nonblocking/req_all.c
Examining data/pnetcdf-1.12.1/test/nonblocking/test_bput.c
Examining data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c
Examining data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c
Examining data/pnetcdf-1.12.1/test/nf90_test/fortlib.c
Examining data/pnetcdf-1.12.1/test/common/testutils.c
Examining data/pnetcdf-1.12.1/test/common/testutils.h
Examining data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c
Examining data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c
Examining data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c
Examining data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c
Examining data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c
Examining data/pnetcdf-1.12.1/test/header/header_consistency.c
Examining data/pnetcdf-1.12.1/test/header/Legacy/test_check_header.c
Examining data/pnetcdf-1.12.1/test/header/Legacy/test_check_header1.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_write.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_write_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_read.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_read_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double/test_write.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double/test_write_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double/test_read.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_double/test_read_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_dtype.h
Examining data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_subarray.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_darray.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_nonblocking.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_float/test_write.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_float/test_write_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_float/test_read.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_float/test_read_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_int/test_write.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_int/test_write_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_int/test_read.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_int/test_read64.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_int/test_read_indep.c
Examining data/pnetcdf-1.12.1/test/Legacy/test_int/test_write64.c
Examining data/pnetcdf-1.12.1/test/CXX/test_classic.cpp
Examining data/pnetcdf-1.12.1/test/CXX/nctst.cpp
Examining data/pnetcdf-1.12.1/test/fandc/csnap.c
Examining data/pnetcdf-1.12.1/test/fandc/pnctest.c
Examining data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c
Examining data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c
Examining data/pnetcdf-1.12.1/test/largefile/high_dim_var.c
Examining data/pnetcdf-1.12.1/test/largefile/large_coalesce.c
Examining data/pnetcdf-1.12.1/test/largefile/large_files.c
Examining data/pnetcdf-1.12.1/test/largefile/large_var.c
Examining data/pnetcdf-1.12.1/test/nf_test/fortlib.c
Examining data/pnetcdf-1.12.1/test/adios/vars.c
Examining data/pnetcdf-1.12.1/test/adios/varm.c
Examining data/pnetcdf-1.12.1/test/adios/indep.c
Examining data/pnetcdf-1.12.1/test/adios/header.c
Examining data/pnetcdf-1.12.1/test/adios/var.c
Examining data/pnetcdf-1.12.1/test/adios/att.c
Examining data/pnetcdf-1.12.1/test/adios/ivars.c
Examining data/pnetcdf-1.12.1/test/adios/ivar.c
Examining data/pnetcdf-1.12.1/test/adios/ivarm.c
Examining data/pnetcdf-1.12.1/test/adios/open.c
Examining data/pnetcdf-1.12.1/test/nc_test/tst_names.c
Examining data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c
Examining data/pnetcdf-1.12.1/test/nc_test/util.c
Examining data/pnetcdf-1.12.1/test/nc_test/t_nc.c
Examining data/pnetcdf-1.12.1/test/nc_test/tst_small.c
Examining data/pnetcdf-1.12.1/test/nc_test/error.c
Examining data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c
Examining data/pnetcdf-1.12.1/test/nc_test/error.h
Examining data/pnetcdf-1.12.1/test/nc_test/tst_misc.c
Examining data/pnetcdf-1.12.1/test/nc_test/tst_atts.c
Examining data/pnetcdf-1.12.1/test/nc_test/nc_test.c
Examining data/pnetcdf-1.12.1/test/nc_test/tst_norm.c
Examining data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c
Examining data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c
Examining data/pnetcdf-1.12.1/test/C/Legacy/simple_xy_wr.c
Examining data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c
Examining data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_wr.c
Examining data/pnetcdf-1.12.1/test/C/Legacy/simple_xy_rd.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c
Examining data/pnetcdf-1.12.1/test/testcases/test_vard.c
Examining data/pnetcdf-1.12.1/test/testcases/noclobber.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_info.c
Examining data/pnetcdf-1.12.1/test/testcases/check_type.c
Examining data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c
Examining data/pnetcdf-1.12.1/test/testcases/collective_error.c
Examining data/pnetcdf-1.12.1/test/testcases/one_record.c
Examining data/pnetcdf-1.12.1/test/testcases/last_large_var.c
Examining data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c
Examining data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c
Examining data/pnetcdf-1.12.1/test/testcases/mix_collectives.c
Examining data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c
Examining data/pnetcdf-1.12.1/test/testcases/profile.c
Examining data/pnetcdf-1.12.1/test/testcases/flexible.c
Examining data/pnetcdf-1.12.1/test/testcases/flexible_varm.c
Examining data/pnetcdf-1.12.1/test/testcases/flexible2.c
Examining data/pnetcdf-1.12.1/test/testcases/ivarn.c
Examining data/pnetcdf-1.12.1/test/testcases/modes.c
Examining data/pnetcdf-1.12.1/test/testcases/redef1.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_version.c
Examining data/pnetcdf-1.12.1/test/testcases/scalar.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c
Examining data/pnetcdf-1.12.1/test/testcases/test_varm.c
Examining data/pnetcdf-1.12.1/test/testcases/alignment_test.c
Examining data/pnetcdf-1.12.1/test/testcases/record.c
Examining data/pnetcdf-1.12.1/test/testcases/varn_int.c
Examining data/pnetcdf-1.12.1/test/testcases/nc_null_args.c
Examining data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c
Examining data/pnetcdf-1.12.1/test/testcases/inq_recsize.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c
Examining data/pnetcdf-1.12.1/test/testcases/varn_contig.c
Examining data/pnetcdf-1.12.1/test/testcases/buftype_free.c
Examining data/pnetcdf-1.12.1/test/testcases/vectors.c
Examining data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c
Examining data/pnetcdf-1.12.1/test/testcases/tst_pthread.c
Examining data/pnetcdf-1.12.1/test/testcases/nonblocking.c
Examining data/pnetcdf-1.12.1/test/testcases/check_striping.c
Examining data/pnetcdf-1.12.1/test/testcases/add_var.c
Examining data/pnetcdf-1.12.1/test/testcases/test_erange.c
Examining data/pnetcdf-1.12.1/coverity_model.c
FINAL RESULTS:
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:415:2: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(str);
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:418:2: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(str);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:520:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:327:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/block_cyclic.c:96:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/bput_varn_int64.c:117:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/bput_varn_uint.c:93:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/collective_write.c:61:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/column_wise.c:83:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/create_open.c:47:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/fill_mode.c:80:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/flexible_api.c:97:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/get_info.c:58:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/get_vara.c:76:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/ghost_cell.c:92:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/global_attributes.c:54:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/hints.c:54:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/i_varn_int64.c:94:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/mput.c:67:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:58:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:60:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/pthread.c:155:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/pthread.c:211:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.%d", ((thread_arg*)arg)->fname, id);
data/pnetcdf-1.12.1/examples/C/pthread.c:271:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.%d", ((thread_arg*)arg)->fname, id);
data/pnetcdf-1.12.1/examples/C/pthread.c:386:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t_arg[i].fname, "%s",filename);
data/pnetcdf-1.12.1/examples/C/put_vara.c:81:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/put_varn_float.c:59:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/put_varn_int.c:67:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/req_all.c:75:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/time_var.c:82:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/transpose.c:56:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:77:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/vard_int.c:67:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/C/vard_mvars.c:105:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/adios/read_metadata.c:35:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/adios/read_var.c:57:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/adios/read_var_nb.c:57:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/burst_buffer/create_open.c:59:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/examples/burst_buffer/nonblocking.c:85:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:196:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, name);
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:309:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, name);
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:327:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(root_name, newname);
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:419:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, name);
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:128:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, name);
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:308:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, newname);
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:566:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unknown_str,"System error code %d (%s)",err,cp);
data/pnetcdf-1.12.1/src/dispatchers/file.c:494:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pncp->path, path);
data/pnetcdf-1.12.1/src/dispatchers/file.c:758:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pncp->path, path);
data/pnetcdf-1.12.1/src/dispatchers/file.c:1421:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(path, pncp->path);
data/pnetcdf-1.12.1/src/dispatchers/variable.c:150:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, name);
data/pnetcdf-1.12.1/src/dispatchers/variable.c:675:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (rank == 0) strcpy(root_name, newname);
data/pnetcdf-1.12.1/src/drivers/common/hash_map.c:82:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_node->key, key);
data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c:112:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->func, func);
data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c:114:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->filename, filename);
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c:93:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nc4p->path, filename);
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c:147:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nc4p->path, filename);
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c:362:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (path != NULL) strcpy(path, nc4p->path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:48:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ncadp->fp->attr_namelist[attid]);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:64:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ncadp->fp->attr_namelist[attid] + strlen(var.name) + 1);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:110:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname, "%s/%s", var.name, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:158:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname, "/%s/%s", ncadp->vars.data[varid].name, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:245:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname, "/%s/%s", ncadp->vars.data[varid].name, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:69:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fullname, "%s_%s", new_path, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:71:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullname,new_path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:77:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fullname, "%s%s", new_path, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:79:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullname,new_path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:84:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullname, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:232:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dimname,"%s_%zu",fullname,rank);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:299:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dimname,"%s_%zu", fullname,rank);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:582:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_dims[var_dims_count].dimname,pg_header.time_index_name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:623:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_dims [var_dims_count].dimname,var_header.name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_dim.c:63:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ncadp->dims.data[dimid].name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_file.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncadp->path, path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_file.c:291:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, ncadp->path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:60:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var.name, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:79:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dim.name, name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:94:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, ncadp->fp->attr_namelist[i]);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:56:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur, ncadp->dims.data[i].name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:77:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur, ncadp->vars.data[i].name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_var.c:114:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, var.name);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_file.c:80:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncbbp->path, path);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_file.c:134:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncbbp->path, path);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:190:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ncbbp->metalogpath, "%s%s_%d_%d.meta", logbase, fname,
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:192:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ncbbp->datalogpath, "%s%s_%d_%d.data", logbase, fname,
data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_file.c:78:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(foo->path, path);
data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_file.c:125:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(foo->path, path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:157:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (safe_mode) printf(msg, WARN_STR, attr, root, local);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:160:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (safe_mode) printf(msg, WARN_STR, attr, j, root, local);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:376:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (safe_mode) printf(msg, WARN_STR, var, root, local);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:379:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (safe_mode) printf(msg, WARN_STR, var, j, root, local);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:910:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str," Record variable \"%20s\": ",(*vpp)->name->cp);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:912:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"non-record variable \"%20s\": ",(*vpp)->name->cp);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c:84:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy((char *)nciop->path, path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c:224:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(filename, F_OK) == 0) file_exist = 1;
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c:347:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) file_exist = 1;
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:240:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(env_str_cpy, env_str);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:421:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(env_str_cpy, env_str);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:989:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (path != NULL) strcpy(path, ncp->nciop->path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_create.c:88:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(filename, F_OK) == 0) file_exist = 1;
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_create.c:217:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncp->path, path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:46:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*dimp)->name, rdimp->name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:280:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, dimp->name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:317:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(path, ncp->path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_open.c:66:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) file_exist = 1;
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_open.c:121:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncp->path, path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:37:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #fn_name_ " failed at line %d, mpireturn=%d: %s\n", \
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path_sf, "%s.subfile_%i.%s", ncp->path, color, "nc");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:186:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path_sf, "%s.subfile_%i.%s", ncp->path, color, "nc");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:364:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s.%s", dim_name, vpp[i]->name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:375:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key[jj][j], "_PnetCDF_SubFiling.range(%s).subfile.%d", dim_name, jj); /* dim name*/
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:585:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "_PnetCDF_SubFiling.range(%s).subfile.%d", org_dim_name, i); /* dim name*/
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:665:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_st, ">> rank(%d): subfile(%d): var(%s): start(", myrank, i, varp->name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:670:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str_st, str_t1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:672:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str_ct, str_t1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:674:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str_st_org, str_t1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:938:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str_st, str_t1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:940:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str_ct, str_t1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:942:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str_st_org, str_t1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:87:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, rvarp->name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:496:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, varp->name);
data/pnetcdf-1.12.1/src/libs/strdup.c:12:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, str);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:42:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr,fmt,args) ;
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:110:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, cp); /* copy last component of path */
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:267:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(gps, float_att_fmt, ff);
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:273:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(gps, double_att_fmt, dd);
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:628:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*cpp, cp);
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.h:16:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Printf (void) printf
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:166:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sout, FILL_STRING); \
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:170:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sout, fmt, val); \
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:210:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:214:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:236:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:240:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:398:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, *vals++);
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:408:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, *vals++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:299:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "main(int argc, char **argv) {\t\t\t/* create %s */", filename);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:311:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " int %s_dim;", dims[idim].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:319:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " MPI_Offset %s_len = NC_UNLIMITED;",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:322:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " MPI_Offset %s_len = %lu;",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:339:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " int %s_id;", vars[ivar].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:346:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "# define RANK_%s %d", vars[ivar].lname,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:355:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " int %s_dims[RANK_%s];",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:376:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:394:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:398:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:402:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " stat = ncmpi_create(MPI_COMM_WORLD, \"%s\", NC_CLOBBER, MPI_INFO_NULL, &ncid);",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:414:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:428:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:436:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:444:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:464:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:477:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " %s_%s[%d] = %s;",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:486:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:673:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_dim", dims[idim].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:679:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_len", dims[idim].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:684:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_len = NFMPI_UNLIMITED)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:687:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_len = %lu)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:704:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_id", vars[ivar].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:710:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_rank", vars[ivar].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:714:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_rank = %d)", vars[ivar].lname,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:722:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_dims(%s_rank)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:746:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %s", ncftype(v->type),
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:749:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %s(", ncftype(v->type),
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:753:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_len, ",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:755:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:782:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %sval(%lu)", ncftype(types[itype]),
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:793:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nfmpi_create(\'%s\', OR(NF_CLOBBER|NF_64BIT_OFFSET), ncid)", filename);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:795:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nfmpi_create(\'%s\', OR(NF_CLOBBER|NF_64BIT_DATA), ncid)", filename);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:797:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nfmpi_create(\'%s\', NF_CLOBBER, ncid)", filename);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:807:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nfmpi_def_dim(ncid, \'%s\', NFMPI_UNLIMITED, %s_dim)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:810:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nfmpi_def_dim(ncid, \'%s\', %lu, %s_dim)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:822:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_dims(%d) = %s_dim",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:829:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:837:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:856:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:869:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%sval(%d) = %s",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:877:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1289:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cp, tstr);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1322:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cp, tstr);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1435:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_id,", v->lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1436:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1459:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_id,", v->lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1460:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1477:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_id", v->lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1496:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_len", dims[idim].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1498:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_len = %lu)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1509:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_rank", v->lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1516:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_rank = %d)", v->lname,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1526:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1540:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_nr", v->lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1543:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_nr = %lu)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1546:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_nr = 1)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1552:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %s(", ncftype(v->type),
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1557:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_nr, ", v->lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1559:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_len, ",
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1562:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1589:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,"data %s /%lu * %s/", v->lname,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1603:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "* store %s", v->name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1607:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_start(%d) = 1", v->lname, idim+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1611:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_count(%d) = %s_len", v->lname,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1615:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_count(%d) = %s_nr", v->lname,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1620:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1624:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1669:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(filename,netcdfname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1733:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr,fmt,args) ;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.h:38:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)))
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:21:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fpr (void) fprintf
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:86:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " {\t\t\t/* store %s */", vars[varnum].name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:91:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static MPI_Offset %s_start[RANK_%s];",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:95:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static MPI_Offset %s_count[RANK_%s];",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:101:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static %s %s[] = {",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:109:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s", val_string);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:190:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:193:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stmnt,s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:236:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:239:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stmnt,s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:249:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:257:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " %s_start[%d] = 0;",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:264:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " %s_count[%d] = %s_len;",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:273:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:283:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:293:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static %s %s = ",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:301:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "'%s'", &val_string[1]);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:353:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:384:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, t);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:387:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, t);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:418:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "data %s /",vars[varnum].lname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:425:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s, ", val_string);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:529:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dup_stmnt, stmnt); /* ULTRIX missing strdup */
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:550:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "* store %s", v->name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:565:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_put_var_%s(ncid, %s_id, %s)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:569:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_put_var_%s(ncid, %s_id, %s)",
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:133:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(lang_name, optarg);
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:158:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(netcdf_name,optarg);
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:170:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(version_name, optarg);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:551:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy (sp -> name, sname);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:824:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(dims[ndims].name, yyvsp[0]->name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:898:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(vars[nvars].name, yyvsp[0]->name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:985:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(atts[natts].name,yyvsp[0]->name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1149:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"bad byte constant: %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1154:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"byte constant out of range (-128,127): %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1165:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"bad long or double constant: %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1176:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"bad float constant: %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1187:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"bad short constant: %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1201:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"bad numerical constant: %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1221:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr,"bad long constant: %s",(char*)ncmpitext);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:1889:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, cmd);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2079:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type_str,"%-6s", type_name(varp->type));
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2092:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line,"%s(", varp->name->cp);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2100:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s%s", dimp->name->cp, j < ndims-1 ? ", " : ")");
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2101:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, str);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2110:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type_str,"%-6s", type_name(varp->type));
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2171:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type_str,"%-6s", type_name(varp->type));
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2184:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line,"%s(", varp->name->cp);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2190:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s%s", dimp->name->cp, (j<ndims-1)?", ":")");
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2191:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, str);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2199:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type_str,"%-6s", type_name(varp->type));
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:748:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xloc,"var %s:",ncp->vars.value[i]->name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1397:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xloc,"%s \"%s\"",loc,name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1508:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xloc, "%s attribute", loc);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1631:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xloc,"%s \"%s\"",loc,name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1693:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xloc,"%s \"%s\"",loc,name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2250:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/src/utils/ncvalidator/tst_open.c:69:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** %s detecting corrupted file %s",
data/pnetcdf-1.12.1/src/utils/pnetcdf_version/pnetcdf_version.c:34:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, help, argv0);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c:113:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for reading NetCDF-4 file", basename(argv[0]));
data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c:115:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for reading classic file", basename(argv[0]));
data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c:245:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(FAIL_STR, nerrs);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c:247:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PASS_STR);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:115:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for writing NetCDF-4 file", basename(argv[0]));
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:117:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for writing classic file", basename(argv[0]));
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:288:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(FAIL_STR, nerrs);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:290:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PASS_STR);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:318:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, s);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:525:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C++ %s for APIs with different netCDF formats ", basename(argv[0]));
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:574:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:575:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:33:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C++ %s for creation of classic format file", basename(argv[0]));
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:95:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:96:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/att.c:44:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/att.c:48:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/att.c:132:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/att.c:133:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/header.c:84:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/header.c:132:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/header.c:133:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/indep.c:55:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/indep.c:59:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/indep.c:101:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/indep.c:102:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/ivar.c:57:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/ivar.c:61:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/ivar.c:213:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/ivar.c:214:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/ivarm.c:54:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/ivarm.c:58:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/ivarm.c:97:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/ivarm.c:98:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/ivars.c:54:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/ivars.c:58:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/ivars.c:97:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/ivars.c:98:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/open.c:47:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/open.c:51:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/open.c:66:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/open.c:67:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/var.c:54:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/var.c:58:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/var.c:156:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/var.c:157:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/varm.c:55:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/varm.c:59:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/varm.c:97:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/varm.c:98:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/adios/vars.c:54:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/adios/vars.c:58:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/adios/vars.c:94:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/adios/vars.c:95:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c:61:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking request > buffer size", basename(argv[0]));
data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c:188:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerr) printf(FAIL_STR, nerr);
data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c:189:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:54:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking offsets of new variables ", basename(argv[0]));
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:118:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:119:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/burst_buffer/bb_many_reqs.c:53:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for burst buffer big requests", basename(argv[0]));
data/pnetcdf-1.12.1/test/burst_buffer/bb_many_reqs.c:142:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR, nerrs);
data/pnetcdf-1.12.1/test/burst_buffer/bb_many_reqs.c:143:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/burst_buffer/bb_nonblocking.c:50:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for when requests are > buffer size", basename(argv[0]));
data/pnetcdf-1.12.1/test/burst_buffer/bb_nonblocking.c:121:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR, nerrs);
data/pnetcdf-1.12.1/test/burst_buffer/bb_nonblocking.c:122:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/burst_buffer/highdim.c:94:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for high dimensional variables", basename(argv[0]));
data/pnetcdf-1.12.1/test/burst_buffer/highdim.c:222:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerr) printf(FAIL_STR, nerr);
data/pnetcdf-1.12.1/test/burst_buffer/highdim.c:223:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/burst_buffer/varn.c:52:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for when requests are > buffer size", basename(argv[0]));
data/pnetcdf-1.12.1/test/burst_buffer/varn.c:133:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR, nerrs);
data/pnetcdf-1.12.1/test/burst_buffer/varn.c:134:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:155:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for CDF-5 type in CDF-1 and 2 ", basename(argv[0]));
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:180:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:181:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c:93:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for defining dim in CDF-1/2 format ", basename(argv[0]));
data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c:250:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c:251:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:35:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for inquiring file formats ", basename(argv[0]));
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:41:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/test_cdf1.nc",dir_name);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:67:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/test_cdf2.nc",dir_name);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:90:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/test_cdf5.nc",dir_name);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:113:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/test_netcdf4.nc",dir_name);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:153:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:154:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:80:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:99:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", dirname, bad_xtype[i]);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:115:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", dirname, bad_ndims[i]);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:131:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", dirname, bad_dimid[i]);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:147:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", dirname, bad_nattrs[i]);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:171:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:172:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c:67:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c:71:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c:96:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c:97:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/common/testutils.c:25:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unknown_str,"Error code %d (%s)",err,cp);
data/pnetcdf-1.12.1/test/common/testutils.c:244:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*hint_value, val);
data/pnetcdf-1.12.1/test/fandc/csnap.c:98:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for 3D array write/read ", argv[0]);
data/pnetcdf-1.12.1/test/fandc/csnap.c:103:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PASS_STR);
data/pnetcdf-1.12.1/test/fandc/csnap.c:200:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/fandc/csnap.c:201:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/fandc/pnctest.c:62:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/fandc/pnctest.c:63:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/header/Legacy/test_check_header.c:110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s:%d of %d", title, rank, nprocs);
data/pnetcdf-1.12.1/test/header/Legacy/test_check_header1.c:106:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s:%d of %d", title, rank, nprocs);
data/pnetcdf-1.12.1/test/header/header_consistency.c:371:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for header consistency", basename(argv[0]));
data/pnetcdf-1.12.1/test/header/header_consistency.c:404:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/header/header_consistency.c:405:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:51:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for vars APIs on high-dim variables ", basename(argv[0]));
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:169:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:170:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:56:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for skip filetype buftype coalesce ", basename(argv[0]));
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:319:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:320:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:52:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for large DIMS, VARS, ATTRS ", basename(argv[0]));
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:145:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:146:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/largefile/large_var.c:87:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for writing to a large variable ", basename(argv[0]));
data/pnetcdf-1.12.1/test/largefile/large_var.c:561:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/largefile/large_var.c:562:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c:106:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking CDF-5 writes", basename(argv[0]));
data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c:161:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c:162:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/compressed.c:35:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for reading compressed file", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/compressed.c:40:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", dir_name, FNAME);
data/pnetcdf-1.12.1/test/nc4/compressed.c:65:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/compressed.c:66:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/noclobber.c:39:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for NC_NOCLOBBER and NC_EEXIST ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/noclobber.c:73:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/noclobber.c:74:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/notsupport.c:62:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for error NC_ENOTSUPPORT ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/notsupport.c:147:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/notsupport.c:148:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:400:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for NetCDF4 file", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:422:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:423:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/rd_compressed.c:84:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for reading compressed NetCDF4 file", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/rd_compressed.c:176:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/rd_compressed.c:177:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:71:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, FILE_NAME);
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:76:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str,
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:167:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:168:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c:51:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for reading file with 2 rec dims ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c:117:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c:118:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c:49:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for get size and put size ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c:103:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c:104:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c:48:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for record variables to NetCDF4 file ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c:141:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c:142:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c:151:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for zero-length request ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c:182:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c:183:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/error.c:34:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr,fmt,args) ;
data/pnetcdf-1.12.1/test/nc_test/error.c:48:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr,fmt,args) ;
data/pnetcdf-1.12.1/test/nc_test/error.h:15:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)))
data/pnetcdf-1.12.1/test/nc_test/error.h:22:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)))
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:106:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(func_name, "test_%s",#func); \
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(func_name, "test_%s",#func); \
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:122:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(func_name, "test_%s",#func); \
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:178:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(testfile, "%s/test.nc", optarg);
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:179:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratch, "%s/scratch.nc", optarg);
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:232:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for NetCDF4 classic-model format ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:234:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for format CDF-%d ", basename(argv[0]), cdf_format);
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:583:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:587:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(FAIL_STR, nfailsTotal);
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:636:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF t_nc ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:665:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:666:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2222:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF tst_atts ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2250:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2251:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:156:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename2, "%s.2", filename);
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:779:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF tst_atts3 ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:807:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:808:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:47:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF t_misc ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:112:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:113:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:242:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF tst_names ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:326:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:327:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:368:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for fill/nofill modes ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:374:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fill_filename, "%s.fill", filename);
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:375:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nofill_filename, "%s.nofill", filename);
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:481:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:482:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:188:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF tst_norm ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:214:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:215:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:433:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for emulating netCDF tst_small ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:493:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:494:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c:145:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for flexible bput_varm ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c:272:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c:273:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:230:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for iput/iget varn in define mode ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:636:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:637:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c:577:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for iput/iget varn ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c:633:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c:634:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/interleaved.c:114:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for writing interleaved fileviews ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/interleaved.c:332:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/interleaved.c:333:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c:47:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for large number of iput/iget ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c:127:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c:128:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:142:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"attribute[%d] name1(%s) != name2(%s)",i,name1,name2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:150:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"attribute[%d] %s: type1(%d) != type2(%d)",i,name1,type1,type2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:153:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"attribute[%d] %s: attlen1(%lld) != attlen2(%lld)",i,name1, attlen1, attlen2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:172:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"dimension[%d] %s: dimlen1(%lld) != dimlen2(%lld)",i,name1,dimlen1,dimlen2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:190:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d]: name1(%s) != name2(%s)",i,name1,name2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:193:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: type1(%d) != type2(%d)",i,name1,type1,type2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:196:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: ndims1(%d) != ndims2(%d)",i,name1,ndims1,ndims2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:200:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: dimids1[%d]=%d != dimids2[%d]=%d",i,name1,j,dimids1[j],j,dimids2[j]);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:204:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: natts1(%d) != natts2(%d)",i,name1,natts1,natts2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:207:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,name1);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:216:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: attr name[%d] (%s) != (%s)",i,name,j,name1,name2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:224:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: attr type[%d] (%d) != (%d)",i,name,j,type1,type2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:227:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"variable[%d] %s: attr attlen[%d] (%lld) != (%lld)",i,name,j, attlen1, attlen2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:267:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,name1);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:344:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for mput/iput APIs ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:462:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.%d.%d.%d.nc", fbasename, length, nvars, k);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:464:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename1, filename);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:466:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename2, filename);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:468:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename3, filename);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:709:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:710:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/req_all.c:92:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for NC_REQ_ALL ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/req_all.c:167:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/req_all.c:168:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/test_bput.c:48:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for bput API ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/test_bput.c:161:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/test_bput.c:162:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:52:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for ncmpi_end_indep_data ", basename(argv[0]));
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:121:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:122:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:110:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for subfiling", basename(argv[0]));
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:411:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:412:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/add_var.c:40:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (cmode == 0) sprintf(fname,"%s",filename);
data/pnetcdf-1.12.1/test/testcases/add_var.c:41:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (cmode & NC_64BIT_OFFSET) sprintf(fname,"%s%d",filename,2);
data/pnetcdf-1.12.1/test/testcases/add_var.c:42:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (cmode & NC_64BIT_DATA) sprintf(fname,"%s%d",filename,5);
data/pnetcdf-1.12.1/test/testcases/add_var.c:45:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s%d",filename,4);
data/pnetcdf-1.12.1/test/testcases/add_var.c:47:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s%d",filename,3);
data/pnetcdf-1.12.1/test/testcases/add_var.c:117:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking offsets of new variables ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/add_var.c:151:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/add_var.c:152:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:60:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for alignment ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:322:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:323:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/buftype_free.c:51:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for free buftype in flexible API ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/buftype_free.c:131:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/buftype_free.c:132:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/check_striping.c:88:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for striping info ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/check_striping.c:122:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/check_striping.c:123:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/check_type.c:99:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_uchar_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:102:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_schar_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:105:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_short_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:108:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_int_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:111:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_float_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:114:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_double_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:117:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_ushort_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:120:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_uint_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:123:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_longlong_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:126:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_ulonglong_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:136:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_uchar_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:139:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_schar_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:142:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_short_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:145:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_int_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:148:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_float_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:151:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_double_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:154:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_ushort_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:157:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_uint_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:160:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_longlong_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:163:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attname,"att_ulonglong_for_var_%s",varname[i]);
data/pnetcdf-1.12.1/test/testcases/check_type.c:195:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking for type conflict ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/check_type.c:229:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/check_type.c:230:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/collective_error.c:168:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for collective abort ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/collective_error.c:216:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/collective_error.c:217:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/flexible.c:74:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for flexible put and get ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/flexible.c:305:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/flexible.c:306:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/flexible2.c:114:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for flexible APIs ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/flexible2.c:273:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/flexible2.c:274:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/flexible_varm.c:142:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for flexible varm APIs ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/flexible_varm.c:241:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/flexible_varm.c:242:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c:133:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for no. record/fixed variables", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c:169:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c:170:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/inq_recsize.c:104:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for inquiring record size ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/inq_recsize.c:140:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/inq_recsize.c:141:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/ivarn.c:183:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for ncmpi_iput_varn_<type>() ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/ivarn.c:457:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/ivarn.c:458:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c:51:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for large var in CDF-5", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c:83:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c:84:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/last_large_var.c:382:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for last large var in CDF-1/2", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/last_large_var.c:414:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/last_large_var.c:415:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/mix_collectives.c:52:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for get/put varm ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/mix_collectives.c:293:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/mix_collectives.c:294:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/modes.c:64:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) {
data/pnetcdf-1.12.1/test/testcases/modes.c:83:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) {
data/pnetcdf-1.12.1/test/testcases/modes.c:101:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) {
data/pnetcdf-1.12.1/test/testcases/modes.c:132:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) {
data/pnetcdf-1.12.1/test/testcases/modes.c:163:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) {
data/pnetcdf-1.12.1/test/testcases/modes.c:203:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for file create/open modes ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/modes.c:229:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/modes.c:230:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c:251:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for NULL stride ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c:285:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c:286:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/noclobber.c:64:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for NC_NOCLOBBER and NC_EEXIST ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/noclobber.c:98:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/noclobber.c:99:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/nonblocking.c:70:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for using ncmpi_iput_vara_int() ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/nonblocking.c:160:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/nonblocking.c:161:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/one_record.c:53:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for only one record variable ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/one_record.c:116:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/one_record.c:117:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/profile.c:364:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for profiling ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/profile.c:428:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/profile.c:429:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/record.c:300:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for write records in reversed order", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/record.c:364:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/record.c:365:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/redef1.c:163:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for entering re-define mode ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/redef1.c:202:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/redef1.c:203:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/scalar.c:108:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for get/put scalar variables ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/scalar.c:147:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/scalar.c:148:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/test_erange.c:276:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking for NC_ERANGE ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/test_erange.c:310:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/test_erange.c:311:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c:91:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for _FillValue for NC_GLOBAL ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c:125:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c:126:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/test_vard.c:180:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for vard put and get ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/test_vard.c:516:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/test_vard.c:517:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c:104:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for vard to 2 variables ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c:327:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c:328:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c:68:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for vard put on record var ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c:180:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c:181:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/test_varm.c:262:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for get/put varm ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/test_varm.c:301:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/test_varm.c:302:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c:194:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for def_var_fill ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c:228:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c:229:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c:64:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for defining max dimension sizes ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c:140:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c:141:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c:98:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for freeing MPI communicator ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c:122:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c:123:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_info.c:88:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for merging env info ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_info.c:257:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_info.c:258:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:52:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for checking NC_MAX_VAR_DIMS ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:91:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:92:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:97:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (rank == 0) printf(SKIP_STR);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.%d", ((thread_arg*)arg)->fname, id);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:185:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.%d", ((thread_arg*)arg)->fname, id);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:263:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for thread safety ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:299:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s.%d", filename, i);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:315:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t_arg[i].fname, "%s",filename);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:349:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:350:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:353:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (rank == 0) printf(SKIP_STR);
data/pnetcdf-1.12.1/test/testcases/tst_version.c:29:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for PnetCDF library version ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/tst_version.c:35:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, ncmpi_inq_libvers());
data/pnetcdf-1.12.1/test/testcases/tst_version.c:63:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/tst_version.c:64:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/varn_contig.c:95:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for put_varn with contig fileview", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/varn_contig.c:244:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/varn_contig.c:245:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/varn_int.c:112:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for ncmpi_put_varn_int_all() ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/varn_int.c:344:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/varn_int.c:345:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/test/testcases/vectors.c:49:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_str, "*** TESTING C %s for put_vara/get_vara ", basename(argv[0]));
data/pnetcdf-1.12.1/test/testcases/vectors.c:133:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nerrs) printf(FAIL_STR,nerrs);
data/pnetcdf-1.12.1/test/testcases/vectors.c:134:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else printf(PASS_STR);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:540:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqdl:")) != EOF)
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:346:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hql:")) != EOF)
data/pnetcdf-1.12.1/examples/C/block_cyclic.c:147:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/bput_varn_int64.c:232:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/bput_varn_uint.c:208:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/collective_write.c:238:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqk:l:")) != EOF)
data/pnetcdf-1.12.1/examples/C/column_wise.c:135:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/create_open.c:94:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/fill_mode.c:131:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/flexible_api.c:150:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/get_info.c:126:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/get_vara.c:193:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/ghost_cell.c:228:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqk:l:")) != EOF)
data/pnetcdf-1.12.1/examples/C/global_attributes.c:104:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/hints.c:161:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/i_varn_int64.c:209:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/mput.c:119:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:139:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hql:")) != EOF)
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:142:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hql:")) != EOF)
data/pnetcdf-1.12.1/examples/C/pthread.c:367:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/put_vara.c:201:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqk:")) != EOF)
data/pnetcdf-1.12.1/examples/C/put_varn_float.c:110:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/put_varn_int.c:117:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/req_all.c:126:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/time_var.c:328:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqk:")) != EOF)
data/pnetcdf-1.12.1/examples/C/transpose.c:272:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqk:l:")) != EOF)
data/pnetcdf-1.12.1/examples/C/transpose2D.c:254:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqk:l:")) != EOF)
data/pnetcdf-1.12.1/examples/C/vard_int.c:121:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/C/vard_mvars.c:160:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/SimpleXyWr.cpp:59:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/block_cyclic.cpp:112:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:107:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hql:")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/column_wise.cpp:102:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/fill_mode.cpp:101:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/flexible_api.cpp:115:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/get_info.cpp:94:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/get_vara.cpp:92:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/hints.cpp:130:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:108:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hql:")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/put_vara.cpp:97:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/put_varn_float.cpp:77:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/put_varn_int.cpp:85:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:82:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hql:")) != EOF)
data/pnetcdf-1.12.1/examples/CXX/vard_int.cpp:88:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/adios/read_metadata.c:55:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/adios/read_var.c:76:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/adios/read_var_nb.c:77:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hq")) != EOF)
data/pnetcdf-1.12.1/examples/burst_buffer/create_open.c:75:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqb:")) != EOF)
data/pnetcdf-1.12.1/examples/burst_buffer/nonblocking.c:109:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "hqb:")) != EOF)
data/pnetcdf-1.12.1/src/dispatchers/file.c:157:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_HINTS")) != NULL) {
data/pnetcdf-1.12.1/src/dispatchers/file.c:281:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_SAFE_MODE")) != NULL) {
data/pnetcdf-1.12.1/src/dispatchers/file.c:296:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_RELAX_COORD_BOUND")) != NULL) {
data/pnetcdf-1.12.1/src/dispatchers/file.c:549:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_SAFE_MODE")) != NULL) {
data/pnetcdf-1.12.1/src/dispatchers/file.c:564:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_RELAX_COORD_BOUND")) != NULL) {
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:136:15: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
abspath = realpath(path, basename);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:141:15: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
abspath = realpath(logbasep, logbase);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c:175:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
num_sf_env = getenv("NC_NUM_SUBFILES");
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:180:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_SAFE_MODE")) != NULL) {
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:234:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_HINTS")) != NULL) {
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:384:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_SAFE_MODE")) != NULL) {
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:415:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_HINTS")) != NULL) {
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_create.c:227:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_SAFE_MODE")) != NULL) {
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_open.c:131:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_SAFE_MODE")) != NULL) {
data/pnetcdf-1.12.1/src/include/pnc_debug.h:44:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *_env_str = getenv("PNETCDF_VERBOSE_DEBUG_MODE"); \
data/pnetcdf-1.12.1/src/include/pnc_debug.h:54:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *_env_str = getenv("PNETCDF_VERBOSE_DEBUG_MODE"); \
data/pnetcdf-1.12.1/src/include/pnc_debug.h:64:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *_env_str = getenv("PNETCDF_VERBOSE_DEBUG_MODE"); \
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:226:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "bhqv:t:")) != -1)
data/pnetcdf-1.12.1/src/utils/ncmpidiff/ncmpidiff.c:307:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "bhqt:v:")) != -1) {
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:868:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "b:cf:hVkl:n:v:d:p:")) != EOF)
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:115:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "bcfl:no:v:x")) != EOF)
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:628:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((yys = getenv("YYDEBUG")) != 0)
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:1906:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "v:sghqxr")) != EOF) {
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:1937:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env_str = getenv("PNETCDF_VERBOSE_DEBUG_MODE");
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2265:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "xthq")) != EOF)
data/pnetcdf-1.12.1/src/utils/pnetcdf_version/pnetcdf_version.c:54:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( (opt=getopt(argc,argv,"vdcbh"))!= EOF) {
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_darray.c:31:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c=getopt(argc,argv,"h:f:d:n:m:o:"))!=-1) {
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_nonblocking.c:31:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c=getopt(argc,argv,"h:f:d:n:m:o:"))!=-1) {
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_subarray.c:31:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c=getopt(argc,argv,"h:f:d:n:m:o:"))!=-1) {
data/pnetcdf-1.12.1/test/common/testutils.c:195:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_str = getenv("PNETCDF_HINTS")) != NULL) {
data/pnetcdf-1.12.1/test/fandc/csnap.c:409:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/pnetcdf-1.12.1/test/fandc/csnap.c:414:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double tmp = random();
data/pnetcdf-1.12.1/test/fandc/csnap.c:421:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double tmp = random();
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:157:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "245hrn:d:v")) != -1)
data/pnetcdf-1.12.1/test/nc_test/util.c:237:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = (MPI_Offset)(((random() % 32768) / 32767.0) * (n - 1) + 0.5);
data/pnetcdf-1.12.1/test/nf90_test/fortlib.c:86:18: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (*seed != 0) srandom(*seed);
data/pnetcdf-1.12.1/test/nf90_test/fortlib.c:87:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (double)(random() % 32768 ) / 32767.0;
data/pnetcdf-1.12.1/test/nf_test/fortlib.c:86:18: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (*seed != 0) srandom(*seed);
data/pnetcdf-1.12.1/test/nf_test/fortlib.c:87:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (double)(random() % 32768 ) / 32767.0;
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:64:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "f:s:p:n:l:r")) != EOF) {
data/pnetcdf-1.12.1/test/testcases/profile.c:372:21: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "vh")) != EOF) {
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MPI_MAX_INFO_KEY], value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:214:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[32];
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:217:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_name,"block_block_var_%d",i);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:224:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_name,"star_cyclic_var_%d",i);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:231:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_name,"block_star_var_%d",i);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:238:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_name,"star_block_var_%d",i);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:527:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:546:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/benchmarks/C/aggregation.c:553:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MPI_MAX_INFO_KEY], value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[32];
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:137:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_name,"block_block_var_%d",i);
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:350:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/benchmarks/C/write_block_read_column.c:357:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/block_cyclic.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/block_cyclic.c:156:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/bput_varn_int64.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *exec;
data/pnetcdf-1.12.1/examples/C/bput_varn_int64.c:241:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/bput_varn_uint.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *exec;
data/pnetcdf-1.12.1/examples/C/bput_varn_uint.c:217:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/collective_write.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_cb_nodes[64], info_cb_buffer_size[64];
data/pnetcdf-1.12.1/examples/C/collective_write.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_striping_factor[64], info_striping_unit[64];
data/pnetcdf-1.12.1/examples/C/collective_write.c:72:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_nodes, "undefined");
data/pnetcdf-1.12.1/examples/C/collective_write.c:73:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_buffer_size, "undefined");
data/pnetcdf-1.12.1/examples/C/collective_write.c:74:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_factor, "undefined");
data/pnetcdf-1.12.1/examples/C/collective_write.c:75:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_unit, "undefined");
data/pnetcdf-1.12.1/examples/C/collective_write.c:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[512];
data/pnetcdf-1.12.1/examples/C/collective_write.c:172:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'x'+i);
data/pnetcdf-1.12.1/examples/C/collective_write.c:178:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "var%d", i);
data/pnetcdf-1.12.1/examples/C/collective_write.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/collective_write.c:242:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kind = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/collective_write.c:244:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/collective_write.c:251:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/column_wise.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/column_wise.c:144:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/create_open.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/create_open.c:103:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/fill_mode.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/fill_mode.c:140:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/flexible_api.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/flexible_api.c:159:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/get_info.c:102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MPI_MAX_INFO_KEY], value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/examples/C/get_info.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/get_info.c:135:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/get_vara.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_att[NC_MAX_NAME];
data/pnetcdf-1.12.1/examples/C/get_vara.c:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/get_vara.c:202:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/ghost_cell.c:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/ghost_cell.c:232:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kind = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/ghost_cell.c:234:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/ghost_cell.c:241:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/global_attributes.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/global_attributes.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_att[128], att_name[NC_MAX_NAME];
data/pnetcdf-1.12.1/examples/C/global_attributes.c:113:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/global_attributes.c:123:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_att, "Mon Aug 13 21:27:48 2018");
data/pnetcdf-1.12.1/examples/C/hints.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/examples/C/hints.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/hints.c:170:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/i_varn_int64.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *exec;
data/pnetcdf-1.12.1/examples/C/i_varn_int64.c:218:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/mpi_subarray.c:23:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorString[MPI_MAX_ERROR_STRING]; \
data/pnetcdf-1.12.1/examples/C/mput.c:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/mput.c:128:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_cb_nodes[64], info_cb_buffer_size[64];
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_striping_factor[64], info_striping_unit[64];
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_nodes, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_buffer_size, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:103:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_factor, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:104:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_unit, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str[512];
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:143:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:150:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:198:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'x'+i);
data/pnetcdf-1.12.1/examples/C/nonblocking_write.c:205:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "var%d", i);
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_cb_nodes[64], info_cb_buffer_size[64];
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_striping_factor[64], info_striping_unit[64];
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:103:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_nodes, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:104:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_buffer_size, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:105:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_factor, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:106:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_unit, "undefined");
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str[512];
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:146:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:153:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:200:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'x'+i);
data/pnetcdf-1.12.1/examples/C/nonblocking_write_in_def.c:207:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "var%d", i);
data/pnetcdf-1.12.1/examples/C/pthread.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256]; /* output file name base */
data/pnetcdf-1.12.1/examples/C/pthread.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/pthread.c:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/pthread.c:376:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/put_vara.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_att[128];
data/pnetcdf-1.12.1/examples/C/put_vara.c:145:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_att, "Mon Aug 13 21:27:48 2018");
data/pnetcdf-1.12.1/examples/C/put_vara.c:161:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str_att, "example attribute of type text.");
data/pnetcdf-1.12.1/examples/C/put_vara.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/put_vara.c:205:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kind = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/put_vara.c:212:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/put_varn_float.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/put_varn_float.c:119:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/put_varn_int.c:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/put_varn_int.c:126:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/req_all.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/req_all.c:135:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/time_var.c:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_att[128];
data/pnetcdf-1.12.1/examples/C/time_var.c:146:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_att, "Mon Aug 13 21:27:48 2018");
data/pnetcdf-1.12.1/examples/C/time_var.c:319:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/time_var.c:332:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kind = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/time_var.c:339:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/transpose.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[512];
data/pnetcdf-1.12.1/examples/C/transpose.c:112:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "psizes= ");
data/pnetcdf-1.12.1/examples/C/transpose.c:113:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%d ",psizes[i]);
data/pnetcdf-1.12.1/examples/C/transpose.c:125:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "proc %d: dim rank= ", rank);
data/pnetcdf-1.12.1/examples/C/transpose.c:126:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%lld ",starts[i]);
data/pnetcdf-1.12.1/examples/C/transpose.c:167:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'Z'-i);
data/pnetcdf-1.12.1/examples/C/transpose.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/transpose.c:276:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kind = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/transpose.c:278:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/transpose.c:285:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/transpose2D.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[512];
data/pnetcdf-1.12.1/examples/C/transpose2D.c:133:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "psizes= ");
data/pnetcdf-1.12.1/examples/C/transpose2D.c:134:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%d ",psizes[i]);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:146:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "proc %d: dim rank= ", rank);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:147:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%lld ",start[i]);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/transpose2D.c:258:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kind = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:260:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:267:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/vard_int.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/vard_int.c:130:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/vard_mvars.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/C/vard_mvars.c:169:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/SimpleXyWr.cpp:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/SimpleXyWr.cpp:68:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/block_cyclic.cpp:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/block_cyclic.cpp:121:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_cb_nodes[64], info_cb_buffer_size[64];
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_striping_factor[64], info_striping_unit[64];
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:72:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_nodes, "undefined");
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:73:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_buffer_size, "undefined");
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:74:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_factor, "undefined");
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:75:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_unit, "undefined");
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str[512];
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:111:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:118:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:156:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'x'+i);
data/pnetcdf-1.12.1/examples/CXX/collective_write.cpp:163:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "var%d", i);
data/pnetcdf-1.12.1/examples/CXX/column_wise.cpp:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/column_wise.cpp:111:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/fill_mode.cpp:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str_att[256];
data/pnetcdf-1.12.1/examples/CXX/fill_mode.cpp:110:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/fill_mode.cpp:129:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_att, "Mon Aug 13 21:27:48 2018");
data/pnetcdf-1.12.1/examples/CXX/flexible_api.cpp:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/flexible_api.cpp:124:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/get_info.cpp:72:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MPI_MAX_INFO_KEY], value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/examples/CXX/get_info.cpp:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/get_info.cpp:103:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/get_vara.cpp:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str_att[NC_MAX_NAME];
data/pnetcdf-1.12.1/examples/CXX/get_vara.cpp:101:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/hints.cpp:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/examples/CXX/hints.cpp:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/hints.cpp:139:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_cb_nodes[64], info_cb_buffer_size[64];
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_striping_factor[64], info_striping_unit[64];
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:71:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_nodes, "undefined");
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:72:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_cb_buffer_size, "undefined");
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:73:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_factor, "undefined");
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:74:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info_striping_unit, "undefined");
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str[512];
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:112:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:119:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:160:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'x'+i);
data/pnetcdf-1.12.1/examples/CXX/nonblocking_write.cpp:167:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "var%d", i);
data/pnetcdf-1.12.1/examples/CXX/put_vara.cpp:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str_att[256];
data/pnetcdf-1.12.1/examples/CXX/put_vara.cpp:106:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/put_vara.cpp:125:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_att, "Mon Aug 13 21:27:48 2018");
data/pnetcdf-1.12.1/examples/CXX/put_varn_float.cpp:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/put_varn_float.cpp:86:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/put_varn_int.cpp:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/put_varn_int.cpp:94:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str[512];
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:86:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': len = atoi(optarg);
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:93:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:104:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "psizes= ");
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:105:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%d ",psizes[i]);
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:117:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "proc %d: dim rank= ", rank);
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:118:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%lld ",starts[i]);
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:148:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c", 'Z'-i);
data/pnetcdf-1.12.1/examples/CXX/vard_int.cpp:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/CXX/vard_int.cpp:97:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/adios/read_metadata.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/adios/read_metadata.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/examples/adios/read_var.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/adios/read_var_nb.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/burst_buffer/create_open.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *bb_dir;
data/pnetcdf-1.12.1/examples/burst_buffer/create_open.c:87:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/burst_buffer/nonblocking.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *bb_dir;
data/pnetcdf-1.12.1/examples/burst_buffer/nonblocking.c:121:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-permute.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-permute.c:56:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-flexible.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], varname[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-flexible.c:49:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-from-master.c:47:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_string[MPI_MAX_ERROR_STRING+1]; \
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-from-master.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], varname[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-from-master.c:82:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nb.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], varname[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nb.c:46:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nfiles.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[DSET_NAME_LEN];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nfiles.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[256];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nfiles.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-nfiles.c:58:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(basename, "testfile");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-standard.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], varname[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-read-standard.c:49:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-buffered.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-buffered.c:37:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-flexible.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], buf[13] = "Hello World\n";
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-flexible.c:69:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-from-master.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], buf[13] = "Hello World\n";
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-from-master.c:67:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nb.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], buf[13] = "Hello World\n";
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nb.c:71:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nfiles.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[13] = "Hello World\n";
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nfiles.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[DSET_NAME_LEN], basename[256];
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-nfiles.c:60:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(basename, "testfile");
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-standard.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], buf[13] = "Hello World\n";
data/pnetcdf-1.12.1/examples/tutorial/pnetcdf-write-standard.c:69:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiDim.cpp:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiEnumType.cpp:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiEnumType.cpp:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiEnumType.cpp:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiEnumType.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroup.cpp:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroup.cpp:636:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroup.cpp:651:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiGroupAtt.cpp:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVar.cpp:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVarAtt.cpp:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiVlenType.cpp:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charName[NC_MAX_NAME+1];
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:53:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuf[256];
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:61:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(msgbuf, "EVMSERR");
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nc_unknown_err_msg[128];
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:76:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc_unknown_err_msg,"Unknown Error: Unrecognized error code %5d\n",err);
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:559:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unknown_str[64];
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:564:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown_str,"Unknown error code %d",err);
data/pnetcdf-1.12.1/src/dispatchers/error_codes.c:721:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown_str,"Unknown code %d",err);
data/pnetcdf-1.12.1/src/dispatchers/file.c:38:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define BUFREAD64(buf,var) memcpy(&var, buf, 8); if (diff_endian) swap_64(&var);
data/pnetcdf-1.12.1/src/dispatchers/file.c:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorString[MPI_MAX_ERROR_STRING]; \
data/pnetcdf-1.12.1/src/dispatchers/file.c:336:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/dispatchers/file.c:350:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/dispatchers/file.c:641:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/dispatchers/file.c:656:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/dispatchers/file.c:732:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = driver->open(pncp->comm, path, omode, *ncidp, combined_info, &ncp);
data/pnetcdf-1.12.1/src/dispatchers/file.c:1141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, dest, 8);
data/pnetcdf-1.12.1/src/dispatchers/file.c:1179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/pnetcdf-1.12.1/src/dispatchers/file.c:1199:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_RDONLY, 00400)) == -1) { /* open for read */
data/pnetcdf-1.12.1/src/dispatchers/file.c:1246:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char footer[BP_MINIFOOTER_SIZE];
data/pnetcdf-1.12.1/src/dispatchers/file.c:1250:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_RDONLY, 00400)) == -1) {
data/pnetcdf-1.12.1/src/dispatchers/variable.c:180:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(root_dimids, dimids, (size_t)root_ndims*SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/common/error_mpi2nc.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorString[MPI_MAX_ERROR_STRING];
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:755:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:755:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:755:79: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:755:95: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:757:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:757:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:757:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/adios_headers/core/adios_internals.h:757:85: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:96:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[1024];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[1024];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:235:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[1024];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:266:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, adata, asize);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[256];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, src, sizeof(struct adios_bp_buffer_struct_v1));
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[256],dimname[256];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:58:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var.dimids, dimids, SIZEOF_INT * ndim);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:134:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "var_%d_timesteps", i);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:185:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "var_%d_dim_%d", i, j);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:71:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, ncadp->vars.data[i].dimids,
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:74:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, ncadp->vars.data[i].atts.data,
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_var.c:106:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dimids, var.dimids, var.ndim * SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[NC_LOG_MAGIC_SIZE];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[NC_LOG_FORMAT_SIZE];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[1]; /* The hack to keep basename inside the structure */
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char metalogpath[PATH_MAX]; /* path of metadata log */
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datalogpath[PATH_MAX]; /* path of data log */
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_driver.h:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbase[PATH_MAX]; /* path of log files */
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_file.c:122:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = driver->open(comm, path, omode, ncid, info, &ncp);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbase[PATH_MAX], basename[PATH_MAX];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char procname[MPI_MAX_PROCESSOR_NAME];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log_put.c:126:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_name[MPI_MAX_OBJECT_NAME];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log_put.c:304:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_name[MPI_MAX_OBJECT_NAME];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log_put.c:385:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Start + i * ndims, starts[i], ndims * SIZEOF_MPI_OFFSET);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log_put.c:390:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Count + i * ndims, counts[i], ndims * SIZEOF_MPI_OFFSET);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_sharedfile.c:66:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->fd = open(path, flag, 0744);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_sharedfile.c:81:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->fd = open(path, flag & (~(O_CREAT)), 0744);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_util.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_util.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_util.c:94:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%llu", ncbbp->flushbuffersize);
data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_file.c:113:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = driver->open(comm, path, omode, ncid, info, &ncp);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:484:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbp->pos, attrp->xvalue, (size_t)sz);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1033:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpos, gbp->pos, (size_t)strcount);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1051:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1233:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, gbp->pos, (size_t)attcount);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1249:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1695:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[sizeof(ncmagic1)];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1729:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8], *hdf5_signature="\211HDF\r\n\032\n";
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/header.c:1730:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signature, magic, 4);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:485:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[sizeof(ncmagic1)]; /* root's file format signature */
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:506:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8], *hdf5_signature="\211HDF\r\n\032\n";
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:507:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signature, magic, 4);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:905:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:984:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ncstrp->cp, str, slen);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:258:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:282:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:439:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:462:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:979:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:1067:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->nciop->hints.h_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:1070:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->nciop->hints.v_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:1073:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->nciop->hints.r_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:1076:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->nciop->hints.header_read_chunk_size);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:1080:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", ncp->nciop->hints.subfile_mode);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:1082:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", ncp->nciop->hints.num_subfiles);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/string.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ncstrp->cp, str, slen);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_enddef.c:806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_enddef.c:894:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->h_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_enddef.c:896:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->fx_v_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_enddef.c:898:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->r_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_enddef.c:902:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", ncp->num_subfiles);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:399:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->h_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:402:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->fx_v_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:405:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->r_align);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:408:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", ncp->chunk);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:418:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%lld", ncp->ibuf_size);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:426:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", ncp->num_subfiles);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:60:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_CHAR[1] = {0x00};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:61:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_BYTE[1] = {0x81};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:62:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_SHORT[2] = {0x80, 0x01};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:63:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_INT[4] = {0x80, 0x00, 0x00, 0x01};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:64:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_FLOAT[4] = {0x7C, 0xF0, 0x00, 0x00};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:65:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_DOUBLE[8] = {0x47, 0x9E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:66:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_UBYTE[1] = {0xFF};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:67:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_USHORT[2] = {0xFF, 0xFF};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:68:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_UINT[4] = {0xFF, 0xFF, 0xFF, 0xFF};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:69:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_INT64[8] = {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:70:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char FILL_UINT64[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE};
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:116:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufp, attrp->xvalue, (size_t)varp->xsz);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:139:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufp, xvalue, (size_t)varp->xsz);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_fill.c:785:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&root_fill_value, fill_value, (size_t)varp->xsz);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:91:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char T[256] = {
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:300:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest[i].list, src[i].list, (size_t)dest[i].num * SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:552:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpos, gbp->pos, (size_t)strcount);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:598:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:795:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, gbp->pos, attcount);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:838:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:1310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[NC_MAGIC_LEN];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:1341:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8], *hdf5_signature="\211HDF\r\n\032\n";
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_put.c:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbp->pos, attrp->xvalue, (size_t)sz);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_str_[MPI_MAX_ERROR_STRING]; \
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_sf[1024];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_sf[1024];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:321:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *key[ncp->num_subfiles][var_ndims];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:337:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80], *dim_name;
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:399:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vpp[i]->dimids_org, vpp[i]->dimids, (size_t)vpp[i]->ndims*SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:582:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256], *org_dim_name;
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:664:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_st[100], str_st_org[100], str_ct[100], str_t1[10];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:666:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_ct, ">> rank(%d): subfile(%d): count(", myrank, i);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:667:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_st_org, "%d: start_org(", i);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:669:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_t1, "%d", my_req[i].start[j]);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:671:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_t1, "%d", my_req[i].count[j]);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:673:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_t1, "%d", my_req[i].start_org[j]);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:902:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(others_req[myrank].start, my_req[myrank].start,
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:931:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_st[100], str_st_org[100], str_ct[100], str_t1[10];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:932:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_st, "%d: others.start(", i);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:933:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_ct, "%d: others.count(", i);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:934:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_st_org, "%d: others.start_org(", i);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:937:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_t1, "%d", others_req[i].start[j]);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:939:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_t1, "%d", others_req[i].count[j]);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:941:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_t1, "%d", others_req[i].start_org[j]);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_sync.c:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[8], *buf=pos;
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:57:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!flag) sprintf(value, "%d", FILE_ALIGNMENT_DEFAULT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:70:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!flag) sprintf(value, "%d", FILE_ALIGNMENT_DEFAULT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:84:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!flag) sprintf(value, "%d", FILE_ALIGNMENT_DEFAULT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:98:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!flag) sprintf(value, "%d", NC_DEFAULT_CHUNKSIZE);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:119:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!flag) strcpy(value, "auto");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:134:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!flag) sprintf(value, "%d", NC_DEFAULT_IBUF_SIZE);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:145:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!flag) strcpy(value, "disable");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:426:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[8];
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:481:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf, cbuf, (size_t)xbuf_size);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:97:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varp->dimids, rvarp->dimids, (size_t)rvarp->ndims * SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varp->shape, rvarp->shape, (size_t)rvarp->ndims * SIZEOF_MPI_OFFSET);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varp->dsizes, rvarp->dsizes, (size_t)rvarp->ndims * SIZEOF_MPI_OFFSET);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:368:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varp->dimids, dimids, (size_t)ndims * SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:514:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dimids, varp->dimids_org, (size_t)varp->ndims_org * SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:517:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dimids, varp->dimids, (size_t)varp->ndims * SIZEOF_INT);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_wait.c:729:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(put_list_ptr,
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_wait.c:742:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(get_list_ptr,
data/pnetcdf-1.12.1/src/include/dispatch.h:50:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(MPI_Comm, const char*, int, int, MPI_Info, void**);
data/pnetcdf-1.12.1/src/include/pnc_debug.h:32:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorString[MPI_MAX_ERROR_STRING]; \
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:279:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:283:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd[i] = open(argv[optind+i], O_RDONLY);
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:433:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str[2];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:680:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str[2];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:955:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str[2];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/ncmpidiff.c:281:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[2];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/ncmpidiff.c:637:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[2][NC_MAX_NAME];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/ncmpidiff.c:678:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attrname[NC_MAX_NAME];
data/pnetcdf-1.12.1/src/utils/ncmpidiff/ncmpidiff.c:735:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attrname[NC_MAX_NAME];
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:87:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(float_var_fmt, "%%.%dg", float_digits);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:88:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(double_var_fmt, "%%.%dg", double_digits);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:89:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(float_att_fmt, "%%#.%dgf", float_digits);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:90:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(double_att_fmt, "%%#.%dg", double_digits);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:104:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfmt[MAX_CFMT_LEN];
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gps[30];
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:748:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:751:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_RDONLY, 0700)) == -1) {
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:780:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char footer[BP_MINIFOOTER_SIZE];
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:783:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_RDONLY, 0700)) == -1) {
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.h:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:399:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */ \
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:451:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", "); \
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:83:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(signed char *) atts[iatt].val);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) atts[iatt].val);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:113:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char *) atts[iatt].val);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:207:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d", (signed char) *(bytep+num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:213:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (shortp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:219:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (intp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:225:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.8g",* (floatp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:231:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.16g",* (doublep + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:238:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%hhu", (unsigned char) *(ubytep+num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:244:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%hu",* (ushortp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:250:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%u",* (uintp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:256:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%lld",* (int64p + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:262:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%llu",* (uint64p + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[C_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:463:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val_string = cstrstr((char *) atts[iatt].val, (size_t)atts[iatt].len);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:640:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:641:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[NC_MAX_NAME + 10];
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:855:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val_string = fstrstr((char *) atts[iatt].val, (size_t)atts[iatt].len);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1137:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"%d", schp[num]);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1143:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (shortp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1149:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (intp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1155:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.8g",* (floatp + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1161:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.16g",* (doublep + num));
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1193:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sp,"\"\"");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, tstr[12];
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1264:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ostr, "char(0)");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1288:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstr, "char(%d)", (unsigned char)*istr);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1298:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cp, "//'");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1321:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstr, "//char(%d)", (unsigned char)*istr);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[FORT_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1429:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmnt, "call writerecs(ncid,");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1455:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmnt, "subroutine writerecs(ncid,");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1671:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(filename,".cdf"); /* old, deprecated extension */
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1673:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(filename,".nc"); /* new, favored extension */
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1971:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_dash_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1975:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_dot_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1979:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_at_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1983:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_hash_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1987:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_lbr_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1991:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_rbr_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[C_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[C_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:152:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d, ", *charvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:155:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d, ", *shortvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:158:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld, ", (long)*intvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:161:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g, ", *floatvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:164:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:166:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s2, ", ");
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:169:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hhu, ", (unsigned char)*ubytevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:172:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hu, ", (unsigned short)*ushortvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:175:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%u, ", (unsigned int)*uintvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:178:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%lld, ", (long long)*int64valp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:181:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%llu, ", (unsigned long long)*uint64valp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:200:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *charvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:203:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *shortvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:206:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld", (long)*intvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:209:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g", *floatvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:212:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:216:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hhu, ", (unsigned char)*ubytevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:219:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hu, ", (unsigned short)*ushortvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:222:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%u, ", (unsigned int)*uintvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:225:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%lld, ", (long long)*int64valp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:228:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%llu, ", (unsigned long long)*uint64valp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:245:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(stmnt,"};");
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:306:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *charvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:310:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *shortvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:314:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld", (long)*intvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:318:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g", *floatvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:322:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:327:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hhu", (unsigned char)*ubytevalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:331:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hu", (unsigned short)*ushortvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:335:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%u", (unsigned int)*uintvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:339:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%lld", (long long)*int64valp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:343:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%llu", (unsigned long long)*uint64valp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:414:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[FORT_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:436:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d, ", *shortvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:439:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *shortvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:445:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld, ", (long)*intvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:448:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld", (long)*intvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:454:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g, ", *floatvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:457:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g", *floatvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:463:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:469:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:477:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hhu, ", (unsigned char)*ubytevalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:480:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hhu", (unsigned char)*ubytevalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:486:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hu, ", (unsigned short)*ushortvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:489:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%hu", (unsigned short)*ushortvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:495:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%u, ", (unsigned int)*uintvalp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:498:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%u", (unsigned int)*uintvalp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:504:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%lld, ", (long long)*int64valp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:507:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%lld", (long long)*int64valp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:513:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%llu, ", (unsigned long long)*uint64valp++);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:516:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%llu", (unsigned long long)*uint64valp);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:543:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:213:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[0], "r")) == NULL) {
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char termstring[MAXTRST]; /* last terminal string read */
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:823:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dims[ndims].name = (char *) emalloc(strlen(yyvsp[0]->name)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:897:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vars[nvars].name = (char *) emalloc(strlen(yyvsp[0]->name)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:984:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
atts[natts].name = (char *) emalloc(strlen(yyvsp[0]->name)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:700:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[100]; /* for short error messages */
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:246:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, gbp->pos, 8);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:256:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, gbp->pos, 4);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:930:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpos, gbp->pos, strcount);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:973:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:1166:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, gbp->pos, (size_t)attcount);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:1206:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:1944:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY, 0666);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2067:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_str[16], str[1024], *line;
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2104:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(line, "..., ");
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2159:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_str[16], str[1024], *line;
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2194:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(line, "..., ");
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2214:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rec_num[32];
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2215:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (j % 10 == 1) sprintf(rec_num, "%dst", j);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2216:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (j % 10 == 2) sprintf(rec_num, "%dnd", j);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2217:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (j % 10 == 3) sprintf(rec_num, "%drd", j);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2218:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(rec_num, "%dth", j);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:36:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char nada[4] = {0, 0, 0, 0};
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:239:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, gbp->pos, 8);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:250:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, gbp->pos, 4);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:737:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xloc[1024];
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:981:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cpos, pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1009:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(cpos, gbp->pos, strcount);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[X_ALIGN-1];
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1273:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(value, gbp->pos, attcount);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1451:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xloc[1024];
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2049:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[5];
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2082:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(magic, getbuf.base, 4);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512], *path;
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2296:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, omode);
data/pnetcdf-1.12.1/src/utils/ncvalidator/tst_open.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c:68:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pres_units_in[MAX_ATT_LEN], temp_units_in[MAX_ATT_LEN];
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lat_units_in[MAX_ATT_LEN], lon_units_in[MAX_ATT_LEN];
data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c:109:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd_str = (char *)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:109:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 2 && atoi(argv[2]) == 4)
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:113:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd_str = (char *)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:363:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char np[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:508:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:521:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_name[NUM_FORMATS][NC_MAX_NAME] =
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:14:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:25:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/Legacy/test_double/test_read.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_double/test_read_indep.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_read.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_read_indep.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_darray.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[20];
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_darray.c:200:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim_%d", i);
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_nonblocking.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[20];
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_nonblocking.c:203:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim_%d", i);
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_subarray.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[20];
data/pnetcdf-1.12.1/test/Legacy/test_dtype/test_subarray.c:204:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim_%d", i);
data/pnetcdf-1.12.1/test/Legacy/test_float/test_read.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_float/test_read_indep.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_int/test_read.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_int/test_read64.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/Legacy/test_int/test_read_indep.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/adios/att.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], data[1024];
data/pnetcdf-1.12.1/test/adios/header.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], lbl[256];
data/pnetcdf-1.12.1/test/adios/header.c:79:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "arrays.bp");
data/pnetcdf-1.12.1/test/adios/header.c:101:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbl, "size of dim %d", dimid);
data/pnetcdf-1.12.1/test/adios/header.c:107:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbl, "ndim of var %d", varid);
data/pnetcdf-1.12.1/test/adios/header.c:112:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbl, "dims of var %d", varid);
data/pnetcdf-1.12.1/test/adios/indep.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/adios/ivar.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], tmp[1024];
data/pnetcdf-1.12.1/test/adios/ivarm.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/adios/ivars.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/adios/open.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/adios/var.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], tmp[1024];
data/pnetcdf-1.12.1/test/adios/varm.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/adios/vars.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bsize[32];
data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c:70:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bsize, "%u", (unsigned int)(SIZE * SIZE / 16 * sizeof(int)));
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:49:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/burst_buffer/highdim.c:90:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ndims = atoi(argv[2]);
data/pnetcdf-1.12.1/test/burst_buffer/highdim.c:146:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "D%d", i);
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:75:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:76:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "gattr_%d", i);
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:115:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "var_%d", i);
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:151:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c:88:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_name[256], filename[256];
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bad_xtype[3] ={"bad_xtype.nc1", "bad_xtype.nc2", "bad_xtype.nc5"};
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bad_ndims[3] ={"bad_ndims.nc1", "bad_ndims.nc2", "bad_ndims.nc5"};
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bad_dimid[3] ={"bad_dimid.nc1", "bad_dimid.nc2", "bad_dimid.nc5"};
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bad_nattrs[3]={"bad_nattrs.nc1", "bad_nattrs.nc2", "bad_nattrs.nc5"};
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512], dirname[512];
data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/common/testutils.c:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unknown_str[32];
data/pnetcdf-1.12.1/test/common/testutils.c:23:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown_str,"Unknown error code %d",err);
data/pnetcdf-1.12.1/test/common/testutils.c:172:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown_str,"Unknown code %d",err);
data/pnetcdf-1.12.1/test/common/testutils.h:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_string[MPI_MAX_ERROR_STRING+1]; \
data/pnetcdf-1.12.1/test/fandc/csnap.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/fandc/csnap.c:93:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/header/header_consistency.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gattr[128];
data/pnetcdf-1.12.1/test/header/header_consistency.c:152:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gattr, "gattr_name.%d",rank);
data/pnetcdf-1.12.1/test/header/header_consistency.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128], var_attr[128];
data/pnetcdf-1.12.1/test/header/header_consistency.c:217:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_attr, "var_attr_name.%d",rank);
data/pnetcdf-1.12.1/test/header/header_consistency.c:273:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "var.%d",rank);
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], name[32];
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:46:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:64:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "dim%d", i);
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:69:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "fix_var%d", i);
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:71:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "rec_var%d", i);
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:51:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:158:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], str[32];
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:47:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:66:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "dim%d", i);
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:75:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "attr%d", i);
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:81:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char attrBuf[3]={1,2,3};
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:82:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "var%d", i);
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:114:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "attr%d", i);
data/pnetcdf-1.12.1/test/largefile/large_files.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/largefile/large_files.c:166:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/largefile/large_var.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/largefile/large_var.c:82:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/largefile/large_var.c:418:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorString[MPI_MAX_ERROR_STRING];
data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c:102:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/noclobber.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/noclobber.c:34:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/notsupport.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/notsupport.c:57:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:395:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/rd_compressed.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/pnetcdf-1.12.1/test/nc4/rd_compressed.c:80:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c:46:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c:44:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c:43:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c:146:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dim_name[NDIMS][3];
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[NVARS][2+MAX_RANK];
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_name[NVARS][MAX_NATTS][2];
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gatt_name[NGATTS][3];
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testfile[256];
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[256];
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char func_name[64]; \
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char func_name[64]; \
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char func_name[64]; \
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:154:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(testfile, "test.nc"); /* read-only testfile */
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:155:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(scratch, "scratch.nc"); /* writable scratch file */
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mnem[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mnem[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char by[8];
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cp[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:318:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sentence[NUM_RECS* SIZE_1 -1] =
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:618:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:631:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1073:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char Gb_att[2] = {-128, 127} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1099:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char s_b_att[1] = {-128} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1130:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char c_data[1] = {'\002'};
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1135:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char b_data[1] = {-2};
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cr_data[2] = "\177\177" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1166:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char br_data[2] = {-128, 127} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1_data[1] = "\177" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1208:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b1_data[1] = {-128} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c2_data[2] = "\177\177" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1250:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b2_data[2] = {-128, 127} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c3_data[3] = "\177\177A" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1292:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b3_data[3] = {-128, 127, 127} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c4_data[4] = "\177\177AZ" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1334:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b4_data[4] = {-128, 127, 127, -128} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cr1_data[2] = "\030\034" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1376:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char br2_data[4] = {-24, -26, -20, -22} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c13_data[3] = "\030\032\034" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1418:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b14_data[4] = {-24, -26, -28, -30} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1453:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c31_data[3] = "\030\034 " ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1460:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b32_data[6] = {-24, -26, -20, -22, -16, -18} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c43_data[12] = "\030\032\034\034\036 \"$$&(" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1502:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b44_data[16] = {-24, -26, -28, -30, -20, -22, -24, -26, -16, -18, -20, -22, -12, -14, -16, -18} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1537:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cr21_data[4] = "@DHL" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1544:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char br22_data[8] = {64, 62, 68, 66, 56, 54, 60, 58} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1579:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cr33_data[18] = "@BDDFHHJLHJLLNPPRT" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1586:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char br34_data[24] = {64, 62, 60, 58, 68, 66, 64, 62, 72, 70, 68, 66, 56, 54, 52, 50, 60, 58, 56, 54, 64, 62, 60, 58} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c111_data[1] = "@" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1628:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b112_data[2] = {64, 62} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1663:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c123_data[6] = "@BDDFH" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1670:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b124_data[8] = {64, 62, 60, 58, 68, 66, 64, 62} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1705:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c141_data[4] = "@DHL" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1712:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b142_data[8] = {64, 62, 68, 66, 72, 70, 76, 74} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c213_data[6] = "@BDHJL" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1754:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b214_data[8] = {64, 62, 60, 58, 56, 54, 52, 50} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1789:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c231_data[6] = "@DHHLP" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1796:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b232_data[12] = {64, 62, 68, 66, 72, 70, 56, 54, 60, 58, 64, 62} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1831:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c243_data[24] = "@BDDFHHJLLNPHJLLNPPRTTVX" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1838:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b244_data[32] = {64, 62, 60, 58, 68, 66, 64, 62, 72, 70, 68, 66, 76, 74, 72, 70, 56, 54, 52, 50, 60, 58, 56, 54, 64, 62, 60, 58, 68, 66, 64, 62} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1873:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c321_data[6] = "@DHLPT" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1880:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b322_data[12] = {64, 62, 68, 66, 56, 54, 60, 58, 48, 46, 52, 50} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1915:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c333_data[27] = "@BDDFHHJLHJLLNPPRTPRTTVXXZ\\" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1922:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b334_data[36] = {64, 62, 60, 58, 68, 66, 64, 62, 72, 70, 68, 66, 56, 54, 52, 50, 60, 58, 56, 54, 64, 62, 60, 58, 48, 46, 44, 42, 52, 50, 48, 46, 56, 54, 52, 50} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1957:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c411_data[4] = "@HPX" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1964:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b412_data[8] = {64, 62, 56, 54, 48, 46, 40, 38} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:1999:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c423_data[24] = "@BDDFHHJLLNPPRTTVXXZ\\\\^`" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2006:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b424_data[32] = {64, 62, 60, 58, 68, 66, 64, 62, 56, 54, 52, 50, 60, 58, 56, 54, 48, 46, 44, 42, 52, 50, 48, 46, 40, 38, 36, 34, 44, 42, 40, 38} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2041:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c441_data[16] = "@DHLHLPTPTX\\X\\`d" ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2048:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b442_data[32] = {64, 62, 68, 66, 72, 70, 76, 74, 56, 54, 60, 58, 64, 62, 68, 66, 48, 46, 52, 50, 56, 54, 60, 58, 40, 38, 44, 42, 48, 46, 52, 50} ;
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2094:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2153:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2218:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NUM_ATTS][ATT_MAX_NAME + 1] = {"Gc", "Gb", "Gs", "Gi", "Gf",
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:99:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b[2] = {-128, 127};
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:105:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename2[256];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char schar_in[ATT_LEN], schar_out[ATT_LEN] = {NC_MIN_BYTE, 1, NC_MAX_BYTE};
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uchar_in[ATT_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:163:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NUM_SIMPLE_ATTS][ATT_MAX_NAME + 1] = {"Gc", "Gb", "Gs", "Gi", "Gf",
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:165:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:428:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char schar_in[ATT_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:468:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char schar_in[ATT_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:511:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:634:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:699:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char schar_in[ATT_LEN], schar_out[ATT_LEN] = {NC_MIN_BYTE, 1, NC_MAX_BYTE};
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:762:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:775:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd_str, *path, filename[256];
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:44:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:65:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_data[DATA_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:76:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(path, "w+"))) nerrs++;
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:218:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attstr_in[MAX_ATTSTRING_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:239:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname1[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname2[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_in[UNAMELEN + 1], strings_in[UNAMELEN + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:184:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:36:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att[MAX_LEN + 1], att_in[MAX_LEN + 1], source[MAX_LEN + 1] = "0123456";
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[NUM_VALS][STR_LEN + 1], data_in[NUM_VALS][STR_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:96:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data[0], "2005-04-11_12:00:00");
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:97:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data[1], "2005-04-11_13:00:00");
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[NUM_VALS][STR_LEN + 1], data_in[NUM_VALS][STR_LEN];
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:145:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data[0], "2005-04-11_12:00:00");
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:146:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data[1], "2005-04-11_13:00:00");
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:220:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_RECS], data_in;
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:272:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_RECS], data_in;
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_name[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:297:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(att_name, "a_%d", data[r]);
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:326:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_RECS], data_in;
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:327:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_name[NC_MAX_NAME + 1];
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:351:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(att_name, "a_%d", data[r]);
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:429:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nc_test/util.c:759:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char catt[MAX_NELS];
data/pnetcdf-1.12.1/test/nc_test/util.c:804:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAX_NELS];
data/pnetcdf-1.12.1/test/nc_test/util.c:808:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/test/nc_test/util.c:902:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/util.c:924:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text, name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nc_test/util.c:994:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME], text[MAX_NELS];
data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c:140:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *varname[4];
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:225:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:307:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[MPI_MAX_INFO_VAL];
data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c:558:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c:572:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/interleaved.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/interleaved.c:110:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c:43:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[512], name1[NC_MAX_NAME], name2[NC_MAX_NAME], name[NC_MAX_NAME];
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:126:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"ndims1(%d) != ndims2(%d)",ndims1, ndims2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:129:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"nvars1(%d) != nvars2(%d)",nvars1, nvars2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:132:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"natts1(%d) != natts2(%d)",natts1, natts2);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:307:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbasename[256], filename[256];
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename1[256], filename2[256], filename3[256];
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:309:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[20], varname[20];
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:339:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(fbasename, "testfile");
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:475:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim0_%d", i);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:479:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim1_%d", 0);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:483:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim1_%d", i);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:491:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varname, "var0_%d", i);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:496:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varname, "var1_%d", i);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:502:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varname, "var0_%d", i);
data/pnetcdf-1.12.1/test/nonblocking/req_all.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/req_all.c:87:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/test_bput.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/test_bput.c:44:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[NY][NX];
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:47:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[20], varname[20];
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10];
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:202:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", num_sf);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:222:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimname, "dim0_%d", i);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:230:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varname, "var0_%d", i);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:255:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:263:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varname, "var0_%d", i);
data/pnetcdf-1.12.1/test/testcases/add_var.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256], var_name[256];
data/pnetcdf-1.12.1/test/testcases/add_var.c:59:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_name, "var_%d", i);
data/pnetcdf-1.12.1/test/testcases/add_var.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/add_var.c:112:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:56:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "redef1.nc");
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:79:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"fixed_var_%d",i);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:85:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"record_var_%d",i);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:162:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "annotation_for_var_%d",i);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:185:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"fixed_var_%d",i+NVARS);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:191:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"record_var_%d",i+NVARS);
data/pnetcdf-1.12.1/test/testcases/buftype_free.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/buftype_free.c:46:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/check_striping.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/check_striping.c:84:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/check_type.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *varname[12], buf[1024], attname[256];
data/pnetcdf-1.12.1/test/testcases/check_type.c:178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/check_type.c:190:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/collective_error.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/collective_error.c:164:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/flexible.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/flexible.c:69:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/flexible2.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/flexible2.c:109:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/flexible_varm.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/flexible_varm.c:137:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c:129:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/inq_recsize.c:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/inq_recsize.c:100:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/ivarn.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/ivarn.c:178:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c:46:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/last_large_var.c:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/last_large_var.c:377:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/mix_collectives.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/mix_collectives.c:48:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/nc_null_args.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/nc_null_args.c:41:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c:247:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/nonblocking.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/nonblocking.c:65:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/one_record.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/one_record.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[NUM_VALS][STR_LEN + 1], data_in[NUM_VALS*STR_LEN];
data/pnetcdf-1.12.1/test/testcases/one_record.c:49:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/one_record.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data[0], "2005-04-11_12:00:00"); /* 19 bytes not a multiply of 4 */
data/pnetcdf-1.12.1/test/testcases/one_record.c:59:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data[1], "2005-04-11_13:00:00");
data/pnetcdf-1.12.1/test/testcases/profile.c:355:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/profile.c:381:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (argv[optind] == NULL) strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/record.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/record.c:296:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/redef1.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/redef1.c:159:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "redef2.nc");
data/pnetcdf-1.12.1/test/testcases/scalar.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/scalar.c:104:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/test_erange.c:44:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uc[1];
data/pnetcdf-1.12.1/test/testcases/test_erange.c:45:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char sc[1];
data/pnetcdf-1.12.1/test/testcases/test_erange.c:200:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uc[1];
data/pnetcdf-1.12.1/test/testcases/test_erange.c:201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char sc[1];
data/pnetcdf-1.12.1/test/testcases/test_erange.c:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/test_erange.c:271:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c:86:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/test_vard.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/test_vard.c:175:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c:99:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c:63:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/test_varm.c:94:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char varT[4][6];
data/pnetcdf-1.12.1/test/testcases/test_varm.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/test_varm.c:258:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c:178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], *hint_value;
data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c:190:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c:59:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c:93:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_info.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MPI_MAX_INFO_VAL+1];
data/pnetcdf-1.12.1/test/testcases/tst_info.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], value[MPI_MAX_INFO_VAL], stderr_buf[BUFSIZ];
data/pnetcdf-1.12.1/test/testcases/tst_info.c:84:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:47:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256]; /* output file name base */
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:274:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:295:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/pnetcdf-1.12.1/test/testcases/varn_contig.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/varn_contig.c:90:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/varn_int.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/varn_int.c:107:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/test/testcases/vectors.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/pnetcdf-1.12.1/test/testcases/vectors.c:45:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(filename, "testfile.nc");
data/pnetcdf-1.12.1/examples/C/global_attributes.c:126:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MPI_Bcast(str_att, strlen(str_att), MPI_CHAR, 0, MPI_COMM_WORLD);
data/pnetcdf-1.12.1/examples/C/global_attributes.c:128:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, NC_GLOBAL, "history", strlen(str_att),
data/pnetcdf-1.12.1/examples/C/global_attributes.c:157:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(att_name, "history", strlen("history"))) {
data/pnetcdf-1.12.1/examples/C/global_attributes.c:169:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(att_name, "digits", strlen("digits"))) {
data/pnetcdf-1.12.1/examples/C/put_vara.c:150:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, NC_GLOBAL, "history", strlen(str_att),
data/pnetcdf-1.12.1/examples/C/put_vara.c:162:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, varid, "str_att_name", strlen(str_att),
data/pnetcdf-1.12.1/examples/C/time_var.c:151:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, NC_GLOBAL, "history", strlen(str_att),
data/pnetcdf-1.12.1/examples/C/transpose.c:113:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%d ",psizes[i]);
data/pnetcdf-1.12.1/examples/C/transpose.c:126:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%lld ",starts[i]);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:134:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%d ",psizes[i]);
data/pnetcdf-1.12.1/examples/C/transpose2D.c:147:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%lld ",start[i]);
data/pnetcdf-1.12.1/examples/CXX/block_cyclic.cpp:215:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
NcmpiFile nc(MPI_COMM_WORLD, filename, NcmpiFile::read);
data/pnetcdf-1.12.1/examples/CXX/get_vara.cpp:106:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
NcmpiFile ncFile(MPI_COMM_WORLD, filename, NcmpiFile::read);
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:105:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%d ",psizes[i]);
data/pnetcdf-1.12.1/examples/CXX/transpose.cpp:118:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<NDIMS; i++) sprintf(str+strlen(str), "%lld ",starts[i]);
data/pnetcdf-1.12.1/examples/CXX/vard_int.cpp:177:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
NcmpiFile nc(MPI_COMM_WORLD, filename, NcmpiFile::read);
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFile.cpp:45:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case NcmpiFile::read:
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFile.cpp:91:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case NcmpiFile::read:
data/pnetcdf-1.12.1/src/binding/cxx/ncmpiFile.h:22:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, //!< File exists, open read-only.
data/pnetcdf-1.12.1/src/binding/cxx/ncmpi_notyet.cpp:117:41: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
nc_type typeid2, int *equal){std::cout << __func__ << " not implemented" << std::endl; return NC_EINVAL;}
data/pnetcdf-1.12.1/src/binding/cxx/ncmpi_notyet.h:119:41: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
nc_type typeid2, int *equal);
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:42:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) DEBUG_RETURN_ERROR(NC_EMAXNAME)
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:91:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) DEBUG_RETURN_ERROR(NC_EMAXNAME)
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:169:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) {
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:190:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(name) + 1;
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:266:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) {
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:276:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) > NC_MAX_NAME) { /* newname length */
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:303:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(name) + 1;
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:321:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(newname) + 1;
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:393:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) {
data/pnetcdf-1.12.1/src/dispatchers/attribute.c:413:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(name) + 1;
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:45:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) { /* name length */
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(name) + 1;
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:186:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) DEBUG_RETURN_ERROR(NC_EMAXNAME)
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:257:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) > NC_MAX_NAME) { /* newname length */
data/pnetcdf-1.12.1/src/dispatchers/dimension.c:302:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(newname) + 1;
data/pnetcdf-1.12.1/src/dispatchers/file.c:484:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pncp->path = (char*) NCI_Malloc(strlen(path)+1);
data/pnetcdf-1.12.1/src/dispatchers/file.c:748:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pncp->path = (char*) NCI_Malloc(strlen(path)+1);
data/pnetcdf-1.12.1/src/dispatchers/file.c:1210:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd, signature, 8);
data/pnetcdf-1.12.1/src/dispatchers/file.c:1265:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd, footer, BP_MINIFOOTER_SIZE);
data/pnetcdf-1.12.1/src/dispatchers/file.c:1417:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else *pathlen = (int)strlen(pncp->path);
data/pnetcdf-1.12.1/src/dispatchers/variable.c:48:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) { /* name length */
data/pnetcdf-1.12.1/src/dispatchers/variable.c:144:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(name) + 1;
data/pnetcdf-1.12.1/src/dispatchers/variable.c:302:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > NC_MAX_NAME) DEBUG_RETURN_ERROR(NC_EMAXNAME)
data/pnetcdf-1.12.1/src/dispatchers/variable.c:633:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) > NC_MAX_NAME) { /* newname length */
data/pnetcdf-1.12.1/src/dispatchers/variable.c:669:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
root_name_len = strlen(newname) + 1;
data/pnetcdf-1.12.1/src/drivers/common/hash_map.c:77:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_node->key = (char*)NCI_Malloc((strlen(key) + 1) * sizeof(char));
data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c:110:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->func = (char*)malloc(strlen(func)+1);
data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c:111:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->filename = (char*)malloc(strlen(filename)+1);
data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c:113:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->func[strlen(func)] = '\0';
data/pnetcdf-1.12.1/src/drivers/common/mem_alloc.c:115:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node->filename[strlen(filename)] = '\0';
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:16:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8proc_ssize_t strlen, utf8proc_uint8_t **dstptr,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:19:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8proc_ssize_t strlen, utf8proc_int32_t *dst);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:24:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8proc_ssize_t strlen, utf8proc_int32_t *buffer,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:28:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8proc_ssize_t strlen, utf8proc_uint8_t **dstptr,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:219:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen, utf8proc_int32_t *dst
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:225:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen) return 0;
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:226:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = str + ((strlen < 0) ? 4 : strlen);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:226:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = str + ((strlen < 0) ? 4 : strlen);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:600:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:603:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return utf8proc_decompose_custom(str, strlen, buffer, bufsize, options, NULL, NULL);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:608:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:633:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rpos >= strlen) break;
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:811:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen, utf8proc_uint8_t **dstptr, utf8proc_option_t options
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:813:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return utf8proc_map_custom(str, strlen, dstptr, options, NULL, NULL);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:817:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen, utf8proc_uint8_t **dstptr, utf8proc_option_t options,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:823:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = utf8proc_decompose_custom(str, strlen, NULL, 0, options, custom_func, custom_data);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.c:827:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = utf8proc_decompose_custom(str, strlen, buffer, result, options, custom_func, custom_data);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.h:442:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_iterate(const utf8proc_uint8_t *str, utf8proc_ssize_t strlen, utf8proc_int32_t *codepoint_ref);
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.h:527:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.h:538:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen,
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.h:686:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen, utf8proc_uint8_t **dstptr, utf8proc_option_t options
data/pnetcdf-1.12.1/src/drivers/common/utf8proc.h:696:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const utf8proc_uint8_t *str, utf8proc_ssize_t strlen, utf8proc_uint8_t **dstptr, utf8proc_option_t options,
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_attr.c:100:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) > strlen(name)){
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_attr.c:100:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) > strlen(name)){
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c:88:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nc4p->path = (char*) NCI_Malloc(strlen(filename)+1);
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c:142:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nc4p->path = (char*) NCI_Malloc(strlen(filename)+1);
data/pnetcdf-1.12.1/src/drivers/nc4io/nc4io_file.c:361:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pathlen != NULL) *pathlen = (int)strlen(nc4p->path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_attr.c:64:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(name, ncadp->fp->attr_namelist[attid] + strlen(var.name) + 1);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:62:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen (new_path); i++) {
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:72:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullname [strlen(fullname)] = '\0';
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_bp2ncd.c:80:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullname [strlen(fullname)] = '\0';
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_file.c:80:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncadp->path = (char*) NCI_Malloc(strlen(path) + 1);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_file.c:287:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pathlen = strlen(ncadp->path);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:59:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var.name = NCI_Malloc(strlen(name) + 1);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.c:78:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dim.name = NCI_Malloc(strlen(name) + 1);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_internal.h:8:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define CHECK_NAME(A) (strlen(A) > 0 && (isalpha(A[0]) || A[0] == '_'))
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:33:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsize += strlen(ncadp->dims.data[i].name) + 1 + SIZEOF_INT * 2;
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:36:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsize += strlen(ncadp->vars.data[i].name) + 1 +
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:53:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(ncadp->dims.data[i].name);
data/pnetcdf-1.12.1/src/drivers/ncadios/ncadios_sync.c:68:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(ncadp->vars.data[i].name);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_file.c:75:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncbbp->path = (char*) NCI_Malloc(strlen(path)+1);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_file.c:129:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncbbp->path = (char*) NCI_Malloc(strlen(path)+1);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:101:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(path);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:103:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fdir, path, i + 1);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:241:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headersize = sizeof(NC_bb_metadataheader) + strlen(basename) + 1 + SIZEOF_INT + procname_len + 1;
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:252:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)headerp->basename, basename,
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:269:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerp->basenamelen = strlen(basename);
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_log.c:273:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)headerp->basename + headerp->basenamelen + 5,
data/pnetcdf-1.12.1/src/drivers/ncbbio/ncbbio_sharedfile.c:434:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioret = read(f->fd, (char*)buf + rsize, count - rsize);
data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_file.c:73:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
foo->path = (char*) NCI_Malloc(strlen(path)+1);
data/pnetcdf-1.12.1/src/drivers/ncfoo/ncfoo_file.c:120:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
foo->path = (char*) NCI_Malloc(strlen(path)+1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:960:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ncstrp->cp, str, slen);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/misc.c:980:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpincio.c:71:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz_path = M_RNDUP(strlen(path) +1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:239:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env_str_cpy = (char*) NCI_Malloc(strlen(env_str)+1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:420:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env_str_cpy = (char*) NCI_Malloc(strlen(env_str)+1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/mpinetcdf.c:988:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pathlen != NULL) *pathlen = (int)strlen(ncp->nciop->path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/string.c:65:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ncstrp->cp, str, slen);
data/pnetcdf-1.12.1/src/drivers/ncmpio/Legacy/string.c:85:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_create.c:216:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncp->path = (char*) NCI_Malloc(strlen(path) + 1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:43:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*dimp)->name_len = strlen(rdimp->name)+1;
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:68:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:99:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:212:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dimp->name_len = strlen(nname);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_dim.c:311:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nnewname_len = strlen(nnewname);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_file_misc.c:313:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else *pathlen = (int)strlen(ncp->path);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:29:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(str_name); ++i) {
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:55:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, len = strlen(str_name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:66:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, len = strlen(str_name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:78:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, len = strlen(str_name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:110:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, len=strlen(str_name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:115:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int i, hash=strlen(str_name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_hash_func.c:116:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(str_name); ++i)
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_get.c:665:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dimp->name_len = strlen(name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_header_put.c:49:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nchars = strlen(name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_open.c:120:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncp->path = (char*) NCI_Malloc(strlen(path) + 1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:676:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st, ",");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:677:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_ct, ",");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:678:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st_org, ",");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:682:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st, ")");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:683:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_ct, ")");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:684:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st_org, ")");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:944:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st, ",");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:945:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_ct, ",");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:946:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st_org, ",");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:950:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st, ")");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:951:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_ct, ")");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_subfile.c:952:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str_st_org, ")");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_util.c:157:16: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!flag) strcpy(value, "0");
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:71:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
varp->name_len = strlen(name); /* name has been NULL checked */
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:85:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (char*) NCI_Malloc(strlen(rvarp->name)+1);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:215:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:247:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(name);
data/pnetcdf-1.12.1/src/drivers/ncmpio/ncmpio_var.c:558:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nnewname_len = strlen(nnewname);
data/pnetcdf-1.12.1/src/libs/strdup.c:10:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = (char*) malloc(strlen(str) + 1);
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:291:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd[i], signature, 8);
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:920:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rdLen[0] = read(fd[0], buf[0], rSize);
data/pnetcdf-1.12.1/src/utils/ncmpidiff/cdfdiff.c:921:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rdLen[1] = read(fd[1], buf[1], rSize);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:72:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nn = strlen(cp);
data/pnetcdf-1.12.1/src/utils/ncmpidump/dumplib.c:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linep = (int)strlen(LINEPIND);
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:107:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = (char *) malloc((unsigned) (strlen(cp)+1));
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:625:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*cpp = (char *) malloc(strlen(cp) + 1);
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:647:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg != 0 && (int) strlen(optarg) > 0 && optarg[0] != ',')
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:679:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg != 0 && (int) strlen(optarg) > 0 && optarg[0] != ',') {
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:756:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd, signature, 8);
data/pnetcdf-1.12.1/src/utils/ncmpidump/ncmpidump.c:792:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd, footer, BP_MINIFOOTER_SIZE);
data/pnetcdf-1.12.1/src/utils/ncmpidump/vardata.c:590:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_indent ((int)strlen(vp->name) + 4);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:761:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:922:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int) strlen(stmnt);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1263:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ostr = (char*) emalloc(strlen("char(0)") + 1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1290:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(tstr);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1323:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(tstr);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1443:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1467:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1568:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1668:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *) emalloc(strlen(netcdfname) + 5);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1943:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_dash_") - 1;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1946:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_dot_") - 1;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1949:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_at_") - 1;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1952:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_hash_") - 1;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1955:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_lbr_") - 1;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1958:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_rbr_") - 1;
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1965:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newname = (char *) ecalloc(strlen(name) + count + 1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1972:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_dash_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1976:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_dot_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1980:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_at_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1984:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_hash_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1988:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_lbr_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:1992:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_rbr_");
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:2013:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(name);
data/pnetcdf-1.12.1/src/utils/ncmpigen/genlib.c:2038:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, newname, len);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:105:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:110:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:110:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:188:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len += strlen(s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:194:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:234:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len += strlen(s2);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:240:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:300:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val_string[strlen(val_string)-1] = '\0';
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:349:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:349:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:350:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt,";");
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:380:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*slenp += strlen(t);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:385:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*slenp = strlen(s);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:419:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/pnetcdf-1.12.1/src/utils/ncmpigen/load.c:528:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dup_stmnt = (char*) emalloc(strlen(stmnt)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:128:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *lang_name = (char *) emalloc(strlen(optarg)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:153:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
netcdf_name = (char *) emalloc(strlen(optarg)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/main.c:165:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *version_name = (char *)emalloc(strlen(optarg)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:550:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp -> name = (char *) emalloc (strlen (sname) + 1);/* +1 for '\0' */
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:823:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dims[ndims].name = (char *) emalloc(strlen(yyvsp[0]->name)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:897:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vars[nvars].name = (char *) emalloc(strlen(yyvsp[0]->name)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:984:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atts[natts].name = (char *) emalloc(strlen(yyvsp[0]->name)+1);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:1013:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MPI_Offset len = strlen(termstring);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:1016:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(char_valp,termstring,len);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:1311:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MPI_Offset len = strlen(termstring);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigentab.c:1332:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(char_valp,termstring,len);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:815:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( ncmpiin )) != EOF && c != '\n'; ++n ) \
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1081:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char*)ncmpitext+strlen("netcdf");
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:1093:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(netcdfname, s, t-s);
data/pnetcdf-1.12.1/src/utils/ncmpigen/ncmpigenyy.c:2049:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ncmpi_scan_bytes(yystr,strlen(yystr) );
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:317:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ncstrp->cp, str, slen);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:819:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read_amount = read(gbp->fd, readBuf, readLen);
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2083:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen = strlen(varp->name->cp) + 2;
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2087:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen += strlen(dimp->name->cp) + 2;
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2090:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen += strlen(dimp->name->cp) + 2 + 5; /* ", " and "..., " */
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2175:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen = strlen(varp->name->cp) + 2;
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2179:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen += strlen(dimp->name->cp) + 2;
data/pnetcdf-1.12.1/src/utils/ncoffsets/ncoffsets.c:2182:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen += strlen(dimp->name->cp) + 2 + 5; /* ", " and "..., " */
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:879:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nn = read(fd, gbp->base, gbp->size);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1096:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dimp->name_len = strlen(name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1363:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*attrp)->name_len = strlen(name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:1561:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
varp->name_len = strlen(name);
data/pnetcdf-1.12.1/src/utils/ncvalidator/ncvalidator.c:2203:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readLen = read(fd, buf, gap);
data/pnetcdf-1.12.1/src/utils/ncvalidator/tst_open.c:68:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c:147:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(lat_units_in, LAT_UNITS, strlen(LAT_UNITS)))
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c:152:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(lon_units_in, LON_UNITS, strlen(LON_UNITS)))
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c:157:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pres_units_in, PRES_UNITS, strlen(PRES_UNITS)))
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_rd.c:162:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(temp_units_in, TEMP_UNITS, strlen(TEMP_UNITS))) return 2;
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_wr.c:124:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(DEGREES_NORTH), DEGREES_NORTH)))
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_wr.c:127:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(DEGREES_EAST), DEGREES_EAST)))
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_wr.c:143:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pres_units), pres_units)))
data/pnetcdf-1.12.1/test/C/Legacy/sfc_pres_temp_wr.c:146:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(temp_units), temp_units)))
data/pnetcdf-1.12.1/test/C/pres_temp_4D_rd.c:109:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char *)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:113:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char *)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:164:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(DEGREES_NORTH), DEGREES_NORTH);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:167:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(DEGREES_EAST), DEGREES_EAST);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:188:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(PRES_UNITS), PRES_UNITS);
data/pnetcdf-1.12.1/test/C/pres_temp_4D_wr.c:191:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(TEMP_UNITS), TEMP_UNITS);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:78:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att.getType() != ncmpiChar || att.getAttLength() != (long)strlen(value))
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:82:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *value_in = (char*)malloc(strlen(value)+1);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:84:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(value_in, value, strlen(value)))
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:109:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(const MPI_Comm &comm,
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:115:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
NcmpiFile nc(comm, path, NcmpiFile::read);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:359:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* cp = path + strlen(path);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:364:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&np[0], cp, NC_MAX_NAME);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:366:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* ep = np + strlen(np);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:380:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const char* path, NcmpiFile::FileMode mode = read)
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:524:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/CXX/nctst.cpp:547:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(MPI_COMM_WORLD, filename, format[i]))
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:28:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/CXX/test_classic.cpp:64:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
NcmpiFile ncFile(MPI_COMM_WORLD, filename, NcmpiFile::read);
data/pnetcdf-1.12.1/test/Legacy/test_double/test_write.c:99:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text (ncid, NC_GLOBAL, "title", strlen(title), title); ERR
data/pnetcdf-1.12.1/test/Legacy/test_double/test_write.c:128:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, square_id, "description", strlen(description), description); ERR
data/pnetcdf-1.12.1/test/Legacy/test_double/test_write_indep.c:117:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_double/test_write_indep.c:159:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_write.c:112:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_write.c:154:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_write_indep.c:112:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_double_int/test_write_indep.c:154:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_float/test_write.c:113:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_float/test_write.c:155:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_float/test_write_indep.c:113:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_float/test_write_indep.c:155:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_int/test_write.c:116:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_int/test_write.c:158:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_int/test_write64.c:117:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_int/test_write64.c:159:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/Legacy/test_int/test_write_indep.c:112:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/Legacy/test_int/test_write_indep.c:226:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/adios/att.c:47:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/header.c:83:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/indep.c:58:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/ivar.c:60:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/ivarm.c:57:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/ivars.c:57:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/open.c:50:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/var.c:57:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/varm.c:58:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/adios/vars.c:57:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/burst_buffer/bb_bsize.c:60:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/burst_buffer/bb_hints.c:53:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/burst_buffer/bb_many_reqs.c:52:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/burst_buffer/bb_nonblocking.c:49:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/burst_buffer/highdim.c:93:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/burst_buffer/varn.c:51:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/cdf_format/cdf_type.c:154:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/cdf_format/dim_cdf12.c:92:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:30:20: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(dir_name, ".");
data/pnetcdf-1.12.1/test/cdf_format/test_inq_format.c:34:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/cdf_format/tst_corrupt.c:79:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/cdf_format/tst_open_cdf5.c:70:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/common/testutils.c:243:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*hint_value = (char*) malloc(strlen(val)+1);
data/pnetcdf-1.12.1/test/fandc/csnap.c:97:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/header/Legacy/test_check_header.c:113:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title), title);
data/pnetcdf-1.12.1/test/header/Legacy/test_check_header.c:165:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/header/Legacy/test_check_header1.c:108:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text (ncid, NC_GLOBAL, "title", strlen(title), title);
data/pnetcdf-1.12.1/test/header/Legacy/test_check_header1.c:151:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(description), description);
data/pnetcdf-1.12.1/test/header/header_consistency.c:370:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/largefile/high_dim_var.c:50:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/largefile/large_coalesce.c:55:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/largefile/large_dims_vars_attrs.c:51:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/largefile/large_var.c:86:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/largefile/tst_cdf5_begin.c:105:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/compressed.c:34:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/noclobber.c:38:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/notsupport.c:61:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:127:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(DEGREES_NORTH), DEGREES_NORTH);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:130:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(DEGREES_EAST), DEGREES_EAST);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:151:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(PRES_UNITS), PRES_UNITS);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:154:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(TEMP_UNITS), TEMP_UNITS);
data/pnetcdf-1.12.1/test/nc4/pres_temp_4D.c:399:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/rd_compressed.c:83:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/simple_xy.c:75:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/tst_2_rec_dims.c:50:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/tst_get_put_size.c:48:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/tst_rec_vars.c:47:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc4/tst_zero_req.c:150:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/nc_test.c:230:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:208:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(id,ii,reqattr[0],strlen(vp->units), vp->units); ERR
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:213:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(id,ii,reqattr[5],strlen(vp->fieldnam), vp->fieldnam); ERR
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:345:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(id, NC_GLOBAL, "TITLE", strlen(filename), filename); ERR
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:445:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( adesc->len == strlen("another name") );
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:505:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( adesc->len == strlen(tvp->units) );
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:554:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( adesc->len == strlen(tvp->fieldnam) );
data/pnetcdf-1.12.1/test/nc_test/t_nc.c:635:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_atts.c:2221:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:215:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err=ncmpi_put_att_text(ncid, NC_GLOBAL, ATT_TEXT_NAME, strlen(speech)+1, speech); ERR
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:227:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (att_type != NC_CHAR || att_len != strlen(speech) + 1) ERRV
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:517:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err=ncmpi_put_att_text(ncid, NC_GLOBAL, ATT_TEXT_NAME, strlen(speech)+1, speech); ERR
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:534:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (att_type != NC_CHAR || att_len != strlen(speech) + 1) ERRV
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:552:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err=ncmpi_put_att_text(ncid, NC_GLOBAL, ATT_TEXT_NAME, strlen(speech)+1, speech); ERR
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:707:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err=ncmpi_put_att_text(ncid, NC_GLOBAL, ATT_TEXT_NAME, strlen(speech)+1, speech); ERR
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:731:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (att_type != NC_CHAR || att_len != strlen(speech) + 1) ERRV
data/pnetcdf-1.12.1/test/nc_test/tst_atts3.c:778:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_misc.c:46:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:241:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:269:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((res = ncmpi_put_att_text(ncid, varid, valid[i], strlen(valid[i]), valid[i])))
data/pnetcdf-1.12.1/test/nc_test/tst_names.c:282:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((res = ncmpi_put_att_text(ncid, varid, notvalid[i], strlen(attstring), attstring)) != NC_EBADNAME)
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:367:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:372:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fill_filename = (char*) malloc(strlen(filename) + 16);
data/pnetcdf-1.12.1/test/nc_test/tst_nofill.c:373:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nofill_filename = (char*) malloc(strlen(filename) + 16);
data/pnetcdf-1.12.1/test/nc_test/tst_norm.c:187:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:49:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att, source, t);
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:105:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err=ncmpi_put_att_text(ncid, NC_GLOBAL, ATT_NAME2, strlen(TITLE), TITLE); ERR
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:154:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err=ncmpi_put_att_text(ncid, NC_GLOBAL, ATT_NAME2, strlen(TITLE), TITLE); ERR
data/pnetcdf-1.12.1/test/nc_test/tst_small.c:432:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/flexible_bput.c:144:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/i_varn_indef.c:229:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/i_varn_int64.c:576:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/interleaved.c:113:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/large_num_reqs.c:46:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/mcoll_perf.c:343:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/req_all.c:91:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/test_bput.c:47:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/nonblocking/wait_after_indep.c:51:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:94:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (fbasename == NULL) ? 0 : strlen(fbasename);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:109:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:206:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (do_read == 1) goto read;
data/pnetcdf-1.12.1/test/subfile/test_subfile.c:335:1: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read:
data/pnetcdf-1.12.1/test/testcases/add_var.c:116:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:59:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:165:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, varid[i], "text_attr", strlen(str), str);
data/pnetcdf-1.12.1/test/testcases/alignment_test.c:169:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ncmpi_put_att_text(ncid, varid[i], "text_attr", strlen(str), str);
data/pnetcdf-1.12.1/test/testcases/buftype_free.c:50:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/check_striping.c:87:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/check_type.c:194:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/collective_error.c:167:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/flexible.c:73:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/flexible2.c:113:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/flexible_varm.c:141:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/inq_num_vars.c:132:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/inq_recsize.c:103:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/ivarn.c:182:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/large_var_cdf5.c:50:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/last_large_var.c:381:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/mix_collectives.c:51:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/modes.c:197:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename) + 1;
data/pnetcdf-1.12.1/test/testcases/modes.c:202:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/ncmpi_vars_null_stride.c:250:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/noclobber.c:58:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename) + 1;
data/pnetcdf-1.12.1/test/testcases/noclobber.c:63:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/nonblocking.c:69:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/one_record.c:52:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/profile.c:363:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/record.c:299:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/redef1.c:162:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/scalar.c:107:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/test_erange.c:275:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/test_fillvalue.c:90:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/test_vard.c:179:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/test_vard_multiple.c:103:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/test_vard_rec.c:67:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/test_varm.c:261:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_def_var_fill.c:193:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_dimsizes.c:63:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_free_comm.c:97:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_info.c:87:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_max_var_dims.c:51:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_pthread.c:262:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_version.c:28:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/tst_version.c:34:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = (char*) malloc(strlen(ncmpi_inq_libvers())+1);
data/pnetcdf-1.12.1/test/testcases/varn_contig.c:94:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/varn_int.c:111:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
data/pnetcdf-1.12.1/test/testcases/vectors.c:48:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
ANALYSIS SUMMARY:
Hits = 2092
Lines analyzed = 137029 in approximately 4.83 seconds (28374 lines/second)
Physical Source Lines of Code (SLOC) = 94969
Hits@level = [0] 2295 [1] 406 [2] 930 [3] 90 [4] 664 [5] 2
Hits@level+ = [0+] 4387 [1+] 2092 [2+] 1686 [3+] 756 [4+] 666 [5+] 2
Hits/KSLOC@level+ = [0+] 46.194 [1+] 22.0282 [2+] 17.7532 [3+] 7.96049 [4+] 7.01281 [5+] 0.0210595
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.