Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/psignifit-2.5.6/psig-src/fitprefs.c
Examining data/psignifit-2.5.6/psig-src/universalprefix.h
Examining data/psignifit-2.5.6/psig-src/matrices.c
Examining data/psignifit-2.5.6/psig-src/matrices.h
Examining data/psignifit-2.5.6/psig-src/matlabtools.c
Examining data/psignifit-2.5.6/psig-src/matlabtools.h
Examining data/psignifit-2.5.6/psig-src/main.c
Examining data/psignifit-2.5.6/psig-src/adaptivestubs.c
Examining data/psignifit-2.5.6/psig-src/mathheader.h
Examining data/psignifit-2.5.6/psig-src/psychometric.c
Examining data/psignifit-2.5.6/psig-src/psychometric.h
Examining data/psignifit-2.5.6/psig-src/psignifit.c
Examining data/psignifit-2.5.6/psig-src/psignifit.h
Examining data/psignifit-2.5.6/psig-src/priors.c
Examining data/psignifit-2.5.6/psig-src/priors.h
Examining data/psignifit-2.5.6/psig-src/batchfiles.c
Examining data/psignifit-2.5.6/psig-src/batchfiles.h
Examining data/psignifit-2.5.6/psig-src/adaptiveinterface.h
Examining data/psignifit-2.5.6/psig-src/supportfunctions.c
Examining data/psignifit-2.5.6/psig-src/supportfunctions.h

FINAL RESULTS:

data/psignifit-2.5.6/psig-src/fitprefs.c:60:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(m->writeFormat, writeFormat);
data/psignifit-2.5.6/psig-src/fitprefs.c:63:2:  [4] (buffer) sprintf:
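  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Triage note: temp is presumably the 24-byte array reported at
  fitprefs.c:52 (char temp[24]), so "WRITE_" plus ident must fit in 24 bytes
  including the terminator; snprintf(temp, sizeof temp, ...) with a
  truncation check bounds the write, and the append at line 64 must be given
  the remaining space rather than the full size.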
	sprintf(temp, "WRITE_%s", ident);
data/psignifit-2.5.6/psig-src/fitprefs.c:64:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	if(extn != NULL) sprintf(temp + strlen(temp), "%s", extn);
data/psignifit-2.5.6/psig-src/fitprefs.c:105:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(temp, ".%s", extn+1);
data/psignifit-2.5.6/psig-src/fitprefs.c:107:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(m->output + strlen(m->output), "%s", temp);
data/psignifit-2.5.6/psig-src/fitprefs.c:116:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(temp, "%s%s", ident, (extn ? extn : ""));
data/psignifit-2.5.6/psig-src/fitprefs.c:118:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((m->description = New(char, strlen(temp) + 1)), temp);
data/psignifit-2.5.6/psig-src/fitprefs.c:356:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(nameBuffer, model->theta[pNum].name);
data/psignifit-2.5.6/psig-src/fitprefs.c:363:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(tempBuffer, "%s_LIMITS", nameBuffer);
data/psignifit-2.5.6/psig-src/fitprefs.c:368:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(tempBuffer, "%s_PRIOR", nameBuffer);
data/psignifit-2.5.6/psig-src/fitprefs.c:395:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(identBuffer, "FIX_%s", nameBuffer);
data/psignifit-2.5.6/psig-src/fitprefs.c:414:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(tempBuffer, "FIX_%s", nameBuffer);
data/psignifit-2.5.6/psig-src/fitprefs.c:786:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tryMatch, FunctionName(possible[i]));
data/psignifit-2.5.6/psig-src/fitprefs.c:794:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(errMsg, "Unknown %s \"%s\" - recognized values are:", desc, buf);
data/psignifit-2.5.6/psig-src/fitprefs.c:795:40:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		for(i = 0; i < kNumberOfShapes; i++) sprintf(errMsg + strlen(errMsg), "%s%s", joiner, FunctionName(possible[i]));
data/psignifit-2.5.6/psig-src/matlabtools.c:103:2:  [4] (format) vsprintf:
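  Potential format string problem (CWE-134). Make format string constant.
  Triage note: apart from the format-string class, vsprintf writes without a
  bound into temp, apparently the 256-byte array reported at
  matlabtools.c:98; vsnprintf(temp, sizeof temp, fmt, ap) bounds the write.
  The same pattern recurs at matlabtools.c:149 and, with char temp[255], at
  supportfunctions.c:137, 149 and 197.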
	vsprintf(temp, fmt, ap);
data/psignifit-2.5.6/psig-src/matlabtools.c:149:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
		vsprintf(temp, fmt, ap);
data/psignifit-2.5.6/psig-src/matlabtools.c:152:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	else nc = vfprintf(file, fmt, ap);
data/psignifit-2.5.6/psig-src/matrices.c:148:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(slice->writeFormat, m->writeFormat);
data/psignifit-2.5.6/psig-src/matrices.c:191:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dest->writeFormat, src->writeFormat);
data/psignifit-2.5.6/psig-src/matrices.c:479:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dest->writeFormat, src->writeFormat);
data/psignifit-2.5.6/psig-src/matrices.c:627:10:  [4] (format) fprintf:
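  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification. Triage note: the
  format here is runtime data stored in the matrix. Other hits show
  writeFormat copied from a function argument (fitprefs.c:60) and a
  "WRITE_FORMAT" option setting a numericFormat field (fitprefs.c:574), which
  suggests the value may originate in user preferences; if so, it should be
  validated as a single floating-point conversion before it reaches fprintf.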
			nc += fprintf(file, m->writeFormat, m_val(m));
data/psignifit-2.5.6/psig-src/matrices.c:641:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	else strcpy((m->output = New(char, strlen(output)+1)), output);
data/psignifit-2.5.6/psig-src/matrices.c:647:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	else strcpy((m->description = New(char, strlen(description)+1)), description);
data/psignifit-2.5.6/psig-src/priors.c:66:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	return printf(PriorDescription(c), s);
data/psignifit-2.5.6/psig-src/priors.c:139:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(gPriorString, "%%s is constrained within [%lg, %lg] using a beta function with params (%lg, %lg)", args[0], args[1], args[2], args[3]);
data/psignifit-2.5.6/psig-src/priors.c:176:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(gPriorString, "%%s is constrained using a raised cosine within [%lg, %lg]", args[0], args[1]);
data/psignifit-2.5.6/psig-src/priors.c:203:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(gPriorString, "%%s is constrained within [%lg, %lg]", args[0], args[1]);
data/psignifit-2.5.6/psig-src/priors.c:240:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(gPriorString, "%%s is constrained using a Gaussian prior with mean = %lg, std = %lg", args[0], args[1]);
data/psignifit-2.5.6/psig-src/psignifit.c:210:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		{good = FALSE; if(errFmt) sprintf(errStr, "alpha = %lg is illegal for the %s function", temp, FunctionName(shape));}
data/psignifit-2.5.6/psig-src/psignifit.c:212:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		{good = FALSE; if(errFmt) sprintf(errStr, "beta = %lg is illegal for the %s function", temp, FunctionName(shape));}
data/psignifit-2.5.6/psig-src/psignifit.c:224:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
		vsprintf(contextStr, errFmt, ap);
data/psignifit-2.5.6/psig-src/psignifit.c:1807:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(slopeString, "d%s/d%s at F(x)==0.5", (gCutPsi ? "Psi" : "F"), (gLogSlopes ? "(log10 x)" : "x"));
data/psignifit-2.5.6/psig-src/supportfunctions.c:110:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			totalLen += sprintf(possibilities+totalLen, "\n\t%s", match[j]);
data/psignifit-2.5.6/psig-src/supportfunctions.c:137:23:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
		{va_start(ap, fmt); vsprintf(temp, fmt, ap); va_end(ap);}
data/psignifit-2.5.6/psig-src/supportfunctions.c:149:23:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
		{va_start(ap, fmt); vsprintf(temp, fmt, ap); va_end(ap);}
data/psignifit-2.5.6/psig-src/supportfunctions.c:197:23:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
		{va_start(ap, fmt); vsprintf(temp, fmt, ap); va_end(ap);}
data/psignifit-2.5.6/psig-src/universalprefix.h:29:9:  [4] (format) fprintf:
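  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification. Triage note: the
  flagged line is a #define that renames fprintf to mex_fprintf, not a call,
  so no format string is passed here; the check belongs on mex_fprintf and on
  the fprintf call sites that this macro redirects.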
#define fprintf	mex_fprintf
data/psignifit-2.5.6/psig-src/batchfiles.c:69:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	if(first && first->buffer) memcpy(b->buffer, first->buffer, (b->position = first->length));
data/psignifit-2.5.6/psig-src/batchfiles.c:70:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	if(second && second->buffer) memcpy(b->buffer + b->position, second->buffer, second->length);
data/psignifit-2.5.6/psig-src/batchfiles.c:181:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if((stream = fopen(name, "r"))==NULL) {
data/psignifit-2.5.6/psig-src/batchfiles.c:272:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[6];
data/psignifit-2.5.6/psig-src/batchfiles.c:360:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, p, inputLength);
data/psignifit-2.5.6/psig-src/fitprefs.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[24];
data/psignifit-2.5.6/psig-src/fitprefs.c:263:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char identBuffer[kBufferLength], nameBuffer[kBufferLength], tempBuffer[kBufferLength], *s, *fieldStart;
data/psignifit-2.5.6/psig-src/fitprefs.c:317:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(tempBuffer, "GEN_PARAMS element #%d", pNum + 1);
data/psignifit-2.5.6/psig-src/fitprefs.c:346:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(nameBuffer, "SLOPE");
data/psignifit-2.5.6/psig-src/fitprefs.c:351:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(nameBuffer, "SHIFT");
data/psignifit-2.5.6/psig-src/fitprefs.c:574:26:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		option("WRITE_FORMAT", strcpy(out->numericFormat, "%lg")) {
data/psignifit-2.5.6/psig-src/fitprefs.c:763:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dataPrefixString[10] = "#data\n";
data/psignifit-2.5.6/psig-src/fitprefs.c:781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *errMsg, tryMatch[32], *tempBuf, *s, joiner[] = "\n\t";
data/psignifit-2.5.6/psig-src/matlabtools.c:42:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gLastErrBuffer[kLastErrBufferSize];
data/psignifit-2.5.6/psig-src/matlabtools.c:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[256];
data/psignifit-2.5.6/psig-src/matlabtools.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[256];
data/psignifit-2.5.6/psig-src/matrices.c:83:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(m->writeFormat, "%lg");
data/psignifit-2.5.6/psig-src/matrices.c:291:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[8], *s;
data/psignifit-2.5.6/psig-src/matrices.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[8], *s;
data/psignifit-2.5.6/psig-src/matrices.c:351:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*/		if(file == NULL && (file = fopen(m->output, m->writeMode)) == NULL)
data/psignifit-2.5.6/psig-src/matrices.c:381:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, m->positions, mMaxDims * sizeof(long));
data/psignifit-2.5.6/psig-src/matrices.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char writeMode[4];
data/psignifit-2.5.6/psig-src/matrices.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char writeFormat[mNumericFormatLength+1];
data/psignifit-2.5.6/psig-src/priors.c:35:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gPriorString[128];
data/psignifit-2.5.6/psig-src/priors.c:136:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(gPriorString, "beta");
data/psignifit-2.5.6/psig-src/priors.c:173:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(gPriorString, "raised cosine");
data/psignifit-2.5.6/psig-src/priors.c:200:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(gPriorString, "flat");
data/psignifit-2.5.6/psig-src/priors.c:237:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(gPriorString, "Gaussian");
data/psignifit-2.5.6/psig-src/psignifit.c:61:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gErrorContext[128];
data/psignifit-2.5.6/psig-src/psignifit.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contextStr[128] = "", errStr[128] = "";
data/psignifit-2.5.6/psig-src/psignifit.c:214:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
/*(*/	{good = FALSE; if(errFmt) sprintf(errStr, "gamma = %lg is outside the permissable range [0, 1)", temp);}
data/psignifit-2.5.6/psig-src/psignifit.c:217:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
/*(*/	{good = FALSE; if(errFmt) sprintf(errStr, "lambda = %lg is outside the permissable range [0, 1)", temp);}
data/psignifit-2.5.6/psig-src/psignifit.c:220:29:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		{good = FALSE; if(errFmt) sprintf(errStr, "illegal value gamma + lambda = %lg (must be < 1)", temp);}
data/psignifit-2.5.6/psig-src/psignifit.c:226:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		if(*contextStr) sprintf(contextStr + strlen(contextStr), ": ");
data/psignifit-2.5.6/psig-src/psignifit.c:1518:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(gErrorContext, "failed to approximate generating distribution with the specified model:\n");
data/psignifit-2.5.6/psig-src/psignifit.c:1801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char shiftString[36], slopeString[36], tailLevelString[36], *str;
data/psignifit-2.5.6/psig-src/psignifit.c:1806:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(shiftString, "x at F(x)==0.5");
data/psignifit-2.5.6/psig-src/psignifit.c:1808:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tailLevelString, "F(%lg)", model->xValAtChance);
data/psignifit-2.5.6/psig-src/psignifit.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[kMaxParamNameLength+1];
data/psignifit-2.5.6/psig-src/psignifit.h:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numericFormat[mNumericFormatLength + 1];
data/psignifit-2.5.6/psig-src/supportfunctions.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[5], *endLocal, c;
data/psignifit-2.5.6/psig-src/supportfunctions.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nullString[1] = "", *possibilities, **match;
data/psignifit-2.5.6/psig-src/supportfunctions.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[255];
data/psignifit-2.5.6/psig-src/supportfunctions.c:145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[255];
data/psignifit-2.5.6/psig-src/supportfunctions.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[255];
data/psignifit-2.5.6/psig-src/supportfunctions.c:242:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	if(dest != src && src != NULL) memcpy(dest, src, nElements*elementSize);
data/psignifit-2.5.6/psig-src/supportfunctions.c:298:105:  [2] (buffer) char:
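  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. Triage note: the matched token on this line is the
  (char *) cast inside the printf loop, not an array declaration, so the
  statically-sized-array text does not apply; the loop is bounded by
  gNumberOfElements[i].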
		if(gBlock[i]!=NULL && gElementSize[i] == 1) {for(j = 0; j < gNumberOfElements[i]; j++) printf("%c", ((char *)(gBlock[i]))[j]); printf("\n");}
data/psignifit-2.5.6/psig-src/batchfiles.c:98:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(identifier);
data/psignifit-2.5.6/psig-src/batchfiles.c:191:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while((c=fgetc(stream))!=EOF) {
data/psignifit-2.5.6/psig-src/fitprefs.c:59:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(m->writeMode, "w");
data/psignifit-2.5.6/psig-src/fitprefs.c:64:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(extn != NULL) sprintf(temp + strlen(temp), "%s", extn);
data/psignifit-2.5.6/psig-src/fitprefs.c:74:15:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				case 'a': strcpy(m->writeMode, "a"); break;
data/psignifit-2.5.6/psig-src/fitprefs.c:82:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if(extn != NULL && strlen(extn) >= 2) {
data/psignifit-2.5.6/psig-src/fitprefs.c:87:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		temp[strlen(temp) - strlen(extn)] = 0;
data/psignifit-2.5.6/psig-src/fitprefs.c:87:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		temp[strlen(temp) - strlen(extn)] = 0;
data/psignifit-2.5.6/psig-src/fitprefs.c:95:16:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					case 'a': strcpy(m->writeMode, "a"); break;
data/psignifit-2.5.6/psig-src/fitprefs.c:104:30:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			if(*m->writeMode == 'a') {strcpy(m->writeMode, "w"); JWarning("in MATLAB the -a switch has no effect when using #%s to write a whole struct", temp);}
data/psignifit-2.5.6/psig-src/fitprefs.c:106:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			m->output = ResizeBlock(m->output, strlen(m->output) + strlen(temp) + 1);
data/psignifit-2.5.6/psig-src/fitprefs.c:106:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			m->output = ResizeBlock(m->output, strlen(m->output) + strlen(temp) + 1);
data/psignifit-2.5.6/psig-src/fitprefs.c:107:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(m->output + strlen(m->output), "%s", temp);
data/psignifit-2.5.6/psig-src/fitprefs.c:110:35:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			if(strcmp(extn+1, "est") != 0) strcpy(m->writeMode, "a"); /* after _EST, all the others are appended */
data/psignifit-2.5.6/psig-src/fitprefs.c:118:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strcpy((m->description = New(char, strlen(temp) + 1)), temp);
data/psignifit-2.5.6/psig-src/fitprefs.c:183:9:  [1] (buffer) mismatch:
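  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it. Triage note: the flagged name is the file's own
  mismatch(t, v) macro, defined on this line as a comparison of struct
  fields, not C++ std::mismatch; it takes no iterators, so this hit and the
  uses at fitprefs.c:192-195 are name-match false positives.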
#define mismatch(t, v)	((already = flags.t, previous = vals.t, vals.t = (v), flags.t = TRUE, already) && (previous != vals.t))
data/psignifit-2.5.6/psig-src/fitprefs.c:192:28:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if(flags.y && flags.n && mismatch(r, floor(0.5 + vals.y * vals.n))) break;
data/psignifit-2.5.6/psig-src/fitprefs.c:193:28:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if(flags.r && flags.n && mismatch(w, vals.n - vals.r)) break;
data/psignifit-2.5.6/psig-src/fitprefs.c:194:28:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if(flags.w && flags.n && mismatch(r, vals.n - vals.w)) break;
data/psignifit-2.5.6/psig-src/fitprefs.c:195:28:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		if(flags.r && flags.w && mismatch(n, vals.r + vals.w)) break;
data/psignifit-2.5.6/psig-src/fitprefs.c:700:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(out->dataExport->output, s, strlen(s) + 1);
data/psignifit-2.5.6/psig-src/fitprefs.c:769:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		dataPrefix = BatchString(dataPrefixString, strlen(dataPrefixString), FALSE);
data/psignifit-2.5.6/psig-src/fitprefs.c:783:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tempBuf = CopyVals(NULL, buf, strlen(buf)+1, sizeof(char));
data/psignifit-2.5.6/psig-src/fitprefs.c:787:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		totalLength += strlen(tryMatch) + strlen(joiner);
data/psignifit-2.5.6/psig-src/fitprefs.c:787:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		totalLength += strlen(tryMatch) + strlen(joiner);
data/psignifit-2.5.6/psig-src/fitprefs.c:789:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(strncmp(tempBuf, tryMatch, strlen(tempBuf)) == 0) {matched = possible[i]; break;}
data/psignifit-2.5.6/psig-src/fitprefs.c:793:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		errMsg = New(char, totalLength + strlen(buf) + strlen(desc) + 64);
data/psignifit-2.5.6/psig-src/fitprefs.c:793:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		errMsg = New(char, totalLength + strlen(buf) + strlen(desc) + 64);
data/psignifit-2.5.6/psig-src/fitprefs.c:795:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for(i = 0; i < kNumberOfShapes; i++) sprintf(errMsg + strlen(errMsg), "%s%s", joiner, FunctionName(possible[i]));
data/psignifit-2.5.6/psig-src/main.c:133:58:  [1] (buffer) strlen:
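  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Note: the strlen argument here is a string literal, which is always
  \0-terminated, so this hit is a false positive.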
	if(input != NULL && strncmp(input->buffer, "#data\n-t", strlen("#data\n-t")) == 0) doSelfTest = TRUE;
data/psignifit-2.5.6/psig-src/matlabtools.c:72:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(name == NULL || strlen(name) == 0)
data/psignifit-2.5.6/psig-src/matlabtools.c:74:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(name) > mxMAXNAM - 1) {
data/psignifit-2.5.6/psig-src/matlabtools.c:138:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return ((strlen(gLastErrBuffer) > 0) ? gLastErrBuffer : NULL);
data/psignifit-2.5.6/psig-src/matrices.c:82:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(m->writeMode, "w");
data/psignifit-2.5.6/psig-src/matrices.c:295:3:  [1] (buffer) strncpy:
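  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Note: the loop on the same line reads temp up to the first \0, and strncpy
  writes none when m->output holds 7 or more characters, so this is safe only
  if temp is longer than 7 bytes and zeroed beforehand; the declaration is not
  shown in this report and should be checked. The same applies at
  matrices.c:341.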
		strncpy(temp, m->output, 7); for(s = temp; *s; s++) *s = tolower(*s);
data/psignifit-2.5.6/psig-src/matrices.c:296:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(strlen(temp) == 0 || strcmp(temp, "null") == 0 || strcmp(temp, "false") == 0 || strcmp(temp, "0") == 0) {Destroy(m->output); m->output = NULL;}
data/psignifit-2.5.6/psig-src/matrices.c:341:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(temp, m->output, 7); for(s = temp; *s; s++) *s = tolower(*s);
data/psignifit-2.5.6/psig-src/matrices.c:342:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(strlen(temp) == 0 || strcmp(temp, "null") == 0 || strcmp(temp, "false") == 0 || strcmp(temp, "0") == 0) {Destroy(m->output); m->output = NULL;}
data/psignifit-2.5.6/psig-src/matrices.c:621:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(m->description && strlen(m->description) > 0) nc += fprintf(file, "#%s\n", m->description);
data/psignifit-2.5.6/psig-src/matrices.c:640:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(output == NULL || strlen(output) == 0) m->output = NULL;
data/psignifit-2.5.6/psig-src/matrices.c:641:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else strcpy((m->output = New(char, strlen(output)+1)), output);
data/psignifit-2.5.6/psig-src/matrices.c:643:24:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	if(writeMode != NULL) strncpy(m->writeMode, writeMode, 3);
data/psignifit-2.5.6/psig-src/matrices.c:646:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(description == NULL || strlen(description) == 0) m->description = NULL;
data/psignifit-2.5.6/psig-src/matrices.c:647:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else strcpy((m->description = New(char, strlen(description)+1)), description);
data/psignifit-2.5.6/psig-src/psignifit.c:226:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(*contextStr) sprintf(contextStr + strlen(contextStr), ": ");
data/psignifit-2.5.6/psig-src/psignifit.c:337:3:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
		sprintf(gErrorContext, "");
data/psignifit-2.5.6/psig-src/psignifit.c:1230:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(model->theta[paramNumber].name, paramName, kMaxParamNameLength);
data/psignifit-2.5.6/psig-src/psignifit.c:1540:2:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
	sprintf(gErrorContext, "");
data/psignifit-2.5.6/psig-src/psignifit.c:1847:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prefs.buffer = prefString; prefs.length = strlen(prefString);
data/psignifit-2.5.6/psig-src/supportfunctions.c:55:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(temp, start, 4);
data/psignifit-2.5.6/psig-src/supportfunctions.c:97:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		totalLen += strlen(match[i]);
data/psignifit-2.5.6/psig-src/supportfunctions.c:136:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(fmt!=NULL && strlen(fmt)>0)
data/psignifit-2.5.6/psig-src/supportfunctions.c:148:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(fmt!=NULL && strlen(fmt)>0)
data/psignifit-2.5.6/psig-src/supportfunctions.c:159:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(errorString == NULL || strlen(errorString) == 0) errorString = unspecifiedString;
data/psignifit-2.5.6/psig-src/supportfunctions.c:196:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(fmt!=NULL && strlen(fmt)>0)
data/psignifit-2.5.6/psig-src/supportfunctions.c:206:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(warnString == NULL || strlen(warnString) == 0) warnString = unspecifiedString;
data/psignifit-2.5.6/psig-src/supportfunctions.c:211:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(warnString)>0) {
data/psignifit-2.5.6/psig-src/supportfunctions.c:665:57:  [1] (buffer) strlen:
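  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Note: separately from the strlen hit, message is formatted into a string that
  mexEvalf presumably evaluates as MATLAB code (its definition is not shown in
  this report); if so, message should come only from fixed program strings or
  be escaped before it is inserted between the quotes.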
	mexEvalf("input('%s... ', 's');", ((message != NULL && strlen(message) > 0) ? message : "press return"));
data/psignifit-2.5.6/psig-src/supportfunctions.c:668:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	printf("%s... ", ((message != NULL && strlen(message) > 0) ? message : "press return"));

ANALYSIS SUMMARY:

Hits = 144
Lines analyzed = 6845 in approximately 0.41 seconds (16881 lines/second)
Physical Source Lines of Code (SLOC) = 5318
Hits@level = [0]  95 [1]  59 [2]  47 [3]   0 [4]  38 [5]   0
Hits@level+ = [0+] 239 [1+] 144 [2+]  85 [3+]  38 [4+]  38 [5+]   0
Hits/KSLOC@level+ = [0+] 44.9417 [1+] 27.0778 [2+] 15.9835 [3+] 7.14554 [4+] 7.14554 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.