Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-haven-2.3.1/src/haven_types.cpp
Examining data/r-cran-haven-2.3.1/src/tagged_na.c
Examining data/r-cran-haven-2.3.1/src/DfWriter.cpp
Examining data/r-cran-haven-2.3.1/src/readstat/CKHashTable.h
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_convert.h
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_value.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_malloc.h
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_bits.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_io_unistd.h
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_iconv.h
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_schema.h
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_copy.c
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_copy.h
Examining data/r-cran-haven-2.3.1/src/readstat/txt/commands_util.h
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_schema.c
Examining data/r-cran-haven-2.3.1/src/readstat/txt/commands_util.c
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_stata_dictionary_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_malloc.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_compress.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_write.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_parse.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse_timestamp.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_parse.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_compress.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss_parse.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse_timestamp.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_read.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss_parse.h
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.c
Examining data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.h
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_convert.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_parser.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_variable.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_io_unistd.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_writer.h
Examining data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta.h
Examining data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta.c
Examining data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_parse_timestamp.h
Examining data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_parse_timestamp.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_bits.h
Examining data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_metadata.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h
Examining data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas_rle.h
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas_rle.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/ieee.h
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c
Examining data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c
Examining data/r-cran-haven-2.3.1/src/readstat/readstat.h
Examining data/r-cran-haven-2.3.1/src/readstat/readstat_error.c
Examining data/r-cran-haven-2.3.1/src/DfReader.cpp
Examining data/r-cran-haven-2.3.1/src/haven_types.h
Examining data/r-cran-haven-2.3.1/src/tagged_na.h
Examining data/r-cran-haven-2.3.1/src/RcppExports.cpp

FINAL RESULTS:

data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:415:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(note_copy, note);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:269:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(error_buf, sizeof(error_buf),
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:931:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(ctx->error_buf, sizeof(ctx->error_buf),
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:997:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(ctx->error_buf, sizeof(ctx->error_buf),
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:1030:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(ctx->error_buf, sizeof(ctx->error_buf),
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:1135:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(ctx->error_buf, sizeof(ctx->error_buf), "ReadStat: Failed to seek to position %" PRId64,
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:108:13: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(variable->format, "%s%d.%d", name, &width, &decimals);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:180:31: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int matches = sscanf(variable->format, "%s%d.%d", format_name, &width, &decimals);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:515:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(varinfo->label, string);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:529:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(label_name_buf, sizeof(label_name_buf), POR_LABEL_NAME_PREFIX "%d", ctx->labels_offset);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:702:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(label_name_buf, sizeof(label_name_buf), POR_LABEL_NAME_PREFIX "%d", info->labels_index);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:465:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(label_name_buf, sizeof(label_name_buf), SAV_LABEL_NAME_PREFIX "%d", ctx->value_labels_count);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1071:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(label_name_buf, sizeof(label_name_buf),
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1486:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(label_name_buf, sizeof(label_name_buf), SAV_LABEL_NAME_PREFIX "%d", info->labels_index);
data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:414:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(format, "%%%s%s",
data/r-cran-haven-2.3.1/src/DfReader.cpp:464:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual int open(void* io_ctx) = 0;
data/r-cran-haven-2.3.1/src/DfReader.cpp:511:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open(void* io_ctx) {
data/r-cran-haven-2.3.1/src/DfReader.cpp:512:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_.open(filename_.c_str(), std::ifstream::binary);
data/r-cran-haven-2.3.1/src/DfReader.cpp:535:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open(void* io_ctx) {
data/r-cran-haven-2.3.1/src/DfReader.cpp:546:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return ((DfReaderInput*) io_ctx)->open(io_ctx);
data/r-cran-haven-2.3.1/src/DfWriter.cpp:61:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pOut_ = fopen(path.c_str(), "wb");
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:10:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline void ck_float2str(float key, char keystr[6]);
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:11:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline void ck_double2str(double key, char keystr[11]);
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:24:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline void ck_float2str(float key, char keystr[6]) {
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:25:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(keystr, &key, 4);
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:35:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline void ck_double2str(double key, char keystr[11]) {
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:36:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(keystr, &key, 8);
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:54:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystr[6];
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:60:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystr[6];
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:67:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystr[11];
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystr[11];
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:137:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(table->entries[hash_key].key, key, keylen);
data/r-cran-haven-2.3.1/src/readstat/CKHashTable.h:10:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[CK_HASH_KEY_SIZE];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:187:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[300];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:188:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[256];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:189:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[1024];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:209:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char labelset[32];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:214:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:319:36: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  readstat_open_handler open;
data/r-cran-haven-2.3.1/src/readstat/readstat.h:407:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1]; // Flexible array; using [1] for C++98 compatibility
data/r-cran-haven-2.3.1/src/readstat/readstat.h:482:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_label[100];
data/r-cran-haven-2.3.1/src/readstat/readstat.h:483:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table_name[33];
data/r-cran-haven-2.3.1/src/readstat/readstat_bits.c:57:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&answer, &num, 4);
data/r-cran-haven-2.3.1/src/readstat/readstat_bits.c:59:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&num, &answer, 4);
data/r-cran-haven-2.3.1/src/readstat/readstat_bits.c:65:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&answer, &num, 8);
data/r-cran-haven-2.3.1/src/readstat/readstat_bits.c:67:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&num, &answer, 8);
data/r-cran-haven-2.3.1/src/readstat/readstat_convert.c:32:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, src_len);
data/r-cran-haven-2.3.1/src/readstat/readstat_iconv.h:14:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/r-cran-haven-2.3.1/src/readstat/readstat_io_unistd.c:23:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(path, UNISTD_OPEN_OPTIONS);
data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:34:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ref->data[0], string, len);
data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:82:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(value_label->label, label, value_label->label_len);
data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:261:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zeros[len];
data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:355:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_value_label->string_key, value, new_value_label->string_key_len);
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:42:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[8];
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:77:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to,from,8);
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:84:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else memcpy(to,from,8);
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:91:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp,to,8);
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:118:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[8];
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:125:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp,xport,8);
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:134:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&xport1,temp,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:136:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&xport2,temp+4,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:244:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ieee,&ieee1,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:246:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ieee+4,&ieee2,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ieee8[8];
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:268:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ieee8,ieee,8);
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:271:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ieee1,ieee8,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:273:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ieee2,ieee8+4,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:414:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xport,&xport1,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/ieee.c:416:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xport+4,&xport2,sizeof(uint32_t));
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:22:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sas7bdat_magic_number[32] = {
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:29:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sas7bcat_magic_number[32] = {
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:87:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmp, data, 8);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:93:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmp, data, 4);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:99:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmp, data, 2);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:112:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:157:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hinfo->file_label, header_start.file_label, sizeof(header_start.file_label));
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:292:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_start.file_label, writer->file_label, file_label_len);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:294:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_start.file_label, "DATASET", sizeof("DATASET")-1);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:350:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char release[sizeof(header_end.release)+1] = { 0 };
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:8:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char magic[32];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:10:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mystery1[2];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:12:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mystery2[1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:14:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mystery3[1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:16:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char mystery4[30]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mystery5[13]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_type[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_label[64]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_info[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char release[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[16]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[16]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char os_vendor[16]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char os_name[16]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[48]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char file_label[64]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:111:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char sas7bdat_magic_number[32]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.h:112:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char sas7bcat_magic_number[32]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_val[4*16+1]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:108:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dval, &val, 8); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:120:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[4*label_len+1]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4*32+1]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain_link[32]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain_link[32]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:380:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (io->open(path, io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:418:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_label[4*64+1]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:14:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char data[1]; // Flexible array; use [1] for C++-98 compatibility data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&name[0], r_label_set->name, name_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:46:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block->data[38], &count, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:47:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block->data[42], &count, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:50:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block->data[8], name, 8); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:53:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block->data[106], name, name_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:58:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&block->data[8], name, name_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:68:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lbp1[10], &index, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:74:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lbp1[14], value_label->string_key, string_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:78:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&big_endian_value, &double_value, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:82:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lbp1[22], &big_endian_value, sizeof(uint64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:86:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lbp2[8], &label_len, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:87:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lbp2[10], value_label->label, label_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:148:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&xlsr[0], "XLSR", 4); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:150:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlsr[4], &block_idx, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:151:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlsr[8], &block_off, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block_header[16]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:183:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block_header[0], &next_page, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:184:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block_header[4], &next_off, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:185:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&block_header[6], &block_len, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:187:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&page[block_off], block_header, sizeof(block_header)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:190:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[block_off], blocks[i]->data, blocks[i]->len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_label[4*64+1]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[2048]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:153:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(blob, subheader+signature_len, len-signature_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:416:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dval, &val, 8); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:1062:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (io->open(path, io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:172:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[40], &row_length, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:173:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[48], &row_count, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:174:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[72], &ncfl1, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:175:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[104], &page_size, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:183:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[20], &row_length, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:184:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[24], &row_count, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:185:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&subheader->data[36], &ncfl1, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:186:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[52], &page_size, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:200:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[8], &col_count, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:203:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[4], &col_count, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:220:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[signature_len], &remainder, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:228:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptrs[0], &text_ref.index, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:229:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptrs[2], &text_ref.offset, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:230:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ptrs[4], &text_ref.length, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:249:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[signature_len], &remainder, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:261:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptrs[0], &offset, sizeof(uint64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:265:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptrs[0], &offset32, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:275:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptrs[0], &width, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:276:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptrs[4], &name_length_flag, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:294:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[format_offset+0], &text_ref.index, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:295:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&subheader->data[format_offset+2], &text_ref.offset, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:296:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[format_offset+4], &text_ref.length, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:300:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[label_offset+0], &text_ref.index, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:301:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[label_offset+2], &text_ref.offset, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:302:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[label_offset+4], &text_ref.length, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:322:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[signature_len], &used, sizeof(uint16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:324:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&subheader->data[signature_len+28], column_text->data, column_text->used); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:425:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[hinfo->page_header_size-8], &page_type, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:443:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[shp_ptr_offset], &offset, sizeof(uint64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:444:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[shp_ptr_offset+8], &len, sizeof(uint64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:456:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[0], &signature64, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:458:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[0], &signature32, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:464:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[shp_ptr_offset], &offset, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:465:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&page[shp_ptr_offset+4], &len, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:475:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subheader->data[0], &signature32, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:482:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[shp_data_offset], subheader->data, subheader->len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:489:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[34], &shp_count, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:490:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[36], &shp_count, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:492:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[18], &shp_count, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:493:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page[20], &shp_count, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:619:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(row, &value, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:642:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chars[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:702:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[hinfo->page_header_size]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:704:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&header[hinfo->page_header_size-6], &page_row_count, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:705:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&header[hinfo->page_header_size-8], &page_type, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:740:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subheader->data, bytes, len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas_rle.c:108:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&output[output_written], input, copy_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas_rle.c:145:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, copy, MAX_COPY_RUN); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas_rle.c:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, copy, copy_run); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.c:6:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _xport_months[12][4] = { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:3:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:13:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _xport_months[12][4]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char nname[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nlabel[40]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nform[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfill[2]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char niform[8]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char longname[32]; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport.h:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rest[18];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_label[40*4+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table_name[32*4+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char month[4];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[4*src_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:325:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[name_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:326:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[label_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:388:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[name_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:389:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[format_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:390:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char informat[informat_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:391:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[label_len+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:550:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_value[8] = { 0 };
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:560:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(full_value, &row[pos], variable->storage_width);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:679:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (io->open(path, io->io_ctx) == -1) {
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char record[RECORD_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char record[RECORD_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:106:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[24];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:158:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(header.name, "LABELV9");
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:171:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format_name[24];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:258:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(xrecord.name, "LIBV8");
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char real_record[RECORD_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:279:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(xrecord.name, "MEMBV8");
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:289:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(xrecord.name, "DSCPTV8");
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:297:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char member_header[RECORD_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:317:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char member_header[RECORD_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:333:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char member_header[RECORD_LEN+1];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:347:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(xrecord.name, "NAMSTV8");
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:357:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(xrecord.name, "OBSV8");
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:384:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestamp[17];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:449:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_value[8];
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:455:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(row, full_value, var->storage_width);
data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:483:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(row, string, value_len);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.c:102:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ssize_t por_utf8_encode(const unsigned char *input, size_t input_len,
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.c:103:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *output, size_t output_len, uint16_t lookup[256]) {
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.c:132:27: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  int printed = sprintf(output + offset, "%lc", codepoint);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.h:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fweight_name[9];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.h:17:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_label[21];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.h:36:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ssize_t por_utf8_encode(const unsigned char *input, size_t input_len,
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por.h:37:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *output, size_t output_len, uint16_t lookup[256]);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_parse.c:258:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:95:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[100];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8_buffer[300];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:478:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:525:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:527:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label_name_buf[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:528:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label_buf[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:581:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input_string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:582:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output_string[4*256+1];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:696:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label_name_buf[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:742:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char reverse_lookup[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:743:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vanity[5][40];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:744:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:766:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (io->open(path, io->io_ctx) == -1) {
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:809:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char check[8];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:810:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tr_check[8];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[2];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[1024];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vanity[5][40];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vanity[1], "ASCII SPSS PORT FILE", 20);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:212:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lookup[256];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:243:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[9];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time[7];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:12:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rec_type[4];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:13:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prod_name[60];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char creation_date[9];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char creation_time[8];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_label[64];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char padding[3];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav.h:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_label[4*64+1];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:35:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&output[output_offset], &input[input_offset], 8);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:48:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&int_value, &input[input_offset], 8);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:53:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&fp_value, &input[input_offset], 8);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:58:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&output[output_offset], &input[input_offset], 8);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:88:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->chunk, state->next_in, 8);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:106:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->next_out, state->next_in, 8);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:118:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->next_out, &missing_value, sizeof(uint64_t));
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.c:125:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->next_out, &fp_value, sizeof(double));
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_compress.h:17:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char chunk[8];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:13:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8*4+1];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:54:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry->name, info->name, sizeof(info->name));
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:626:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_key[4*8+1];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:627:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_val[4*64+1];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[8192];
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:744:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info->longname, temp_val, str_len);
data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:755:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(temp_key, str_start, str_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:762:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp_val, str_start, str_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:804:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->longname, temp_val, str_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:815:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp_val, str_start, str_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:971:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_key[8*4+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse.c:1098:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp_key, str_start, str_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse_timestamp.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char error_buf[8192]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_parse_timestamp.c:349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[8192]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_value[8]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char utf8_string_value[8*4+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:150:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&long_value, &fp_value, 8); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:263:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&long_value, &info->missing_double_values[i], 8); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:282:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char missing_value[8]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_name_buf[256]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:486:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[256]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:578:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val_d, vlabel->raw_value, 8); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_buffer[SPSS_DOC_LINE_SIZE]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:647:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char utf8_buffer[4*SPSS_DOC_LINE_SIZE+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:704:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ctx->raw_string + raw_str_used, &buffer[data_offset], 8); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:733:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fp_value, &buffer[data_offset], 8); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:843:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[DATA_BUFFER_SIZE]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:913:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&record, data, data_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:929:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[1024]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:955:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fp_info, data, sizeof(sav_machine_floating_point_info_record_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1020:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&var_name_len, data_ptr, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1054:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var_name_buf[256*4+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1055:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_name_buf[256]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1090:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label_count, data_ptr, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1105:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&value_len, data_ptr, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1134:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label_len, data_ptr, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char var_name_buf[256*4+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1219:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&var_name_len, data_ptr, sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1258:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buf[4096]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1482:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_name_buf[256]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1556:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (io->open(path, io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortname[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stem[6]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_date[sizeof(header.creation_date)+1] = { 0 }; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_time[sizeof(header.creation_time)+1] = { 0 }; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header.rec_type, "$FL2", sizeof("$FL2")-1); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:138:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header.prod_name, data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:178:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header.file_label, writer->file_label, file_label_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:191:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padded_label[MAX_LABEL_SIZE]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:383:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_data[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:409:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(variable.name, name_data, name_data_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_data[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:457:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(variable.name, name_data, name_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:538:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[8]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:544:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(value, r_value_label->string_key, key_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:547:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value, &num_val, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:550:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value, &num_val, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:564:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[MAX_VALUE_LABEL_SIZE+8]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:566:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(label, label_data, label_len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:766:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_data[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:795:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name_data[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:838:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tuple_separator[2] = { 0x00, 0x09 }; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:852:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_data[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:855:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kv_data[8+1+5+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:874:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_data[9]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:877:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kv_data[8+1+5+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1158:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(row, &dval, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &dval, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &dval, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1176:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &dval, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &dval, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1198:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&row_bytes[row_offset], &value[val_offset], 255); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1202:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&row_bytes[row_offset], &value[val_offset], value_len - val_offset); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1214:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(row, &missing_val, sizeof(uint64_t)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.c:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&special_val, &dval, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.h:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char missing_string_values[3][8*4+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.h:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8*4+1]; data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char longname[64*4+1]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; // Flexible array; use [1] for C++98 compatibility data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta.h:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[256]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_parse_timestamp.c:324:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[1024]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:143:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->typlist, buffer, buffer_len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:208:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start[4]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:344:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, &vo_bytes[0], sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:345:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&o, &vo_bytes[4], sizeof(uint32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:423:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[3]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:451:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strl_ptr, &strl, sizeof(dta_strl_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:477:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&byte, buf, sizeof(int8_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:497:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&num, buf, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:520:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&num, buf, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:544:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&num, buf, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:556:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&f_num, &num, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:567:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&num, buf, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:579:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d_num, &num, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:587:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_buf[2048]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:755:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_format[3]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:763:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byteorder[3]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1000:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char labname[129]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1047:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[4*8+1]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1136:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (io->open(path, io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[4]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:413:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[64]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:512:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[ctx->ch_metadata_len]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:637:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labname[12+2]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:677:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label_buffer[8*value_label->int32_key], value_label->label, len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:782:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(txt + offset, label, label_data_len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:886:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char release[128]; data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1160:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &value, sizeof(char)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &value, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(row, &value, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1175:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &value, sizeof(int64_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1180:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &value, sizeof(float)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row, &value, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1234:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&max_flt, &max_flt_i32, sizeof(float)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1246:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&max_dbl, &max_dbl_i64, sizeof(double)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1276:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&row_bytes[0], &v, sizeof(int16_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1280:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&row_bytes[2], &o, 6); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1291:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&row_bytes[0], &v, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1292:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&row_bytes[4], &o, sizeof(int32_t)); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_copy.c:10:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str_start, this_len); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2891:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (parser->io->open(filepath, parser->io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2927:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2928:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char argname[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2929:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelset[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2930:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_value[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2931:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:3259:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[1024]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1670:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (parser->io->open(filepath, parser->io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1706:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1707:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char argname[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1708:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_value[32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1711:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char var_list[1024][32]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1884:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(var_list[var_count++], varname, sizeof(varname)); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1902:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelset_name[256]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1913:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelset_name[256]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:2050:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[1024]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_stata_dictionary_read.c:459:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (parser->io->open(filepath, parser->io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/readstat/txt/readstat_stata_dictionary_read.c:627:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&schema->entries[schema->entry_count++], &current_entry, sizeof(readstat_schema_entry_t)); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_stata_dictionary_read.c:760:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[1024]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char converted_value[4*len+1]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_buffer[4096]; data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:138:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value_buffer, &line_buffer[field_offset], field_len); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:183:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (io->open(filename, io->io_ctx) == -1) { data/r-cran-haven-2.3.1/src/tagged_na.c:22:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byte[8]; // 8 * 1 bytes data/r-cran-haven-2.3.1/src/DfReader.cpp:467:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual ssize_t read(void *buf, size_t nbyte, void *io_ctx) = 0; data/r-cran-haven-2.3.1/src/DfReader.cpp:491:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read(void *buf, size_t nbyte, void *io_ctx) { data/r-cran-haven-2.3.1/src/DfReader.cpp:492:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file_.read((char*) buf, nbyte); data/r-cran-haven-2.3.1/src/DfReader.cpp:555:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ((DfReaderInput*) io_ctx)->read(buf, nbyte, io_ctx); data/r-cran-haven-2.3.1/src/DfWriter.cpp:297:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(string_utf8(x, i)); data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:79:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keylen = strlen(key); data/r-cran-haven-2.3.1/src/readstat/CKHashTable.c:108:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t keylen = strlen(key); data/r-cran-haven-2.3.1/src/readstat/readstat.h:322:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readstat_read_handler read; data/r-cran-haven-2.3.1/src/readstat/readstat_io_unistd.c:58:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t out = read(fd, buf, nbyte); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:29:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(string) + 1; data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:79:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (label && strlen(label)) { data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:80:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_label->label_len = strlen(label); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:204:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t line_sep_len = strlen(line_sep); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:231:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t line_sep_len = strlen(line_sep); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:254:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return readstat_write_bytes(writer, bytes, strlen(bytes)); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:279:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(string); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:352:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (value && strlen(value)) { data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:353:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_value_label->string_key_len = strlen(value); data/r-cran-haven-2.3.1/src/readstat/readstat_writer.c:414:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *note_copy = malloc(strlen(note) + 1); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:116:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&header_start, sizeof(sas_header_start_t), io->io_ctx) < sizeof(sas_header_start_t)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:165:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&creation_time, sizeof(double), io->io_ctx) < sizeof(double)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:172:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(&modification_time, sizeof(double), io->io_ctx) < sizeof(double)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:189:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&header_size, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:193:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&page_size, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:220:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&page_count, sizeof(uint64_t), io->io_ctx) < sizeof(uint64_t)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:227:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&page_count, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:246:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&header_end, sizeof(sas_header_end_t), io->io_ctx) < sizeof(sas_header_end_t)) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:287:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t file_label_len = strlen(writer->file_label); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas.c:421:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name) > max_len) data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:286:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(chain_link, chain_link_header_len, io->io_ctx) < chain_link_header_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:333:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(chain_link, chain_link_header_len, io->io_ctx) < chain_link_header_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:350:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(buffer + buffer_offset, chain_link_len, io->io_ctx) < chain_link_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:448:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(page, ctx->page_size, io->io_ctx) < ctx->page_size) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_read.c:463:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(page, ctx->page_size, io->io_ctx) < ctx->page_size) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bcat_write.c:19:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_len = strlen(r_label_set->name); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:911:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(ctx->page, head_len, io->io_ctx) < head_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:923:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(ctx->page + head_len, tail_len, io->io_ctx) < tail_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:973:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(ctx->page, head_len, io->io_ctx) < head_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:989:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(ctx->page + head_len, tail_len, io->io_ctx) < tail_len) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_read.c:1022:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(ctx->page, ctx->page_size, io->io_ctx) < ctx->page_size) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:112:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(string); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:130:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&column_text->data[column_text->used], string, padded_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:258:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint16_t name_length_flag = strlen(name) <= 8 ? 
4 : 2048; data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:667:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_len = strlen(value); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_sas7bdat_write.c:671:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)row, value, max_len); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:71:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return io->read(dst, dst_len, io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:115:19: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. int matches = sscanf(line, data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_read.c:213:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(line, data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:32:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(record); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:118:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name) > 8) { data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:129:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t label_len = strlen(variable->label); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:166:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t label_len = strlen(variable->label); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:167:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_len = strlen(variable->name); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:185:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). format_len = strlen(format_name); data/r-cran-haven-2.3.1/src/readstat/sas/readstat_xport_write.c:479:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_len = strlen(string); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:57:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t bytes_read = io->read(&byte, 1, io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:66:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bytes_read = io->read(&byte, 1, io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:514:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). varinfo->label = realloc(varinfo->label, strlen(string) + 1); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_read.c:610:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input_string, strlen(input_string), ctx->converter); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:167:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return por_write_string_field_n(writer, ctx, string, strlen(string)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:201:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t file_label_len = strlen(writer->file_label); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:206:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(vanity[1] + 20, writer->file_label, 20); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:347:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:612:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len = strlen(writer->notes[i]); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:734:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(string); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_por_write.c:748:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(((char *)row) + bytes_written, string, len); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:170:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&variable, sizeof(sav_variable_record_t), io->io_ctx) < sizeof(sav_variable_record_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:176:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&label_len, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:204:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&label_len, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:225:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(label_buf, label_capacity, io->io_ctx) < label_capacity) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:252:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(info->missing_double_values, info->n_missing_values * sizeof(double), io->io_ctx) data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:283:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(missing_value, sizeof(missing_value), io->io_ctx) < sizeof(missing_value)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:324:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&variable, sizeof(sav_variable_record_t), io->io_ctx) < sizeof(sav_variable_record_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:407:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&label_count, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:421:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&unpadded_len, 1, io->io_ctx) < 1) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:432:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&rec_type, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:443:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&var_count, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:489:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(&label_count, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:507:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(vlabel->raw_value, 8, io->io_ctx) < 8) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:511:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&unpadded_label_len, 1, io->io_ctx) < 1) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:517:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(label_buf, padded_label_len, io->io_ctx) < padded_label_len) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:533:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&rec_type, sizeof(int32_t), io->io_ctx) < sizeof(int32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:544:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&var_count, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:555:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(vars, var_count * sizeof(uint32_t), io->io_ctx) < var_count * sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:617:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&n_lines, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:639:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(&n_lines, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:650:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(raw_buffer, SPSS_DOC_LINE_SIZE, io->io_ctx) < SPSS_DOC_LINE_SIZE) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:674:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&filler, sizeof(int32_t), io->io_ctx) < sizeof(int32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:824:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes_read = io->read(buffer, buffer_len, io->io_ctx)) != buffer_len) data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:865:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer_used = io->read(buffer, sizeof(buffer), io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1267:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&rec_type, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1296:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(extra_info, sizeof(extra_info), io->io_ctx) < sizeof(extra_info)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1313:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(data_buf, data_len, io->io_ctx) < data_len) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1356:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(&rec_type, sizeof(uint32_t), io->io_ctx) < sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1384:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(extra_info, sizeof(extra_info), io->io_ctx) < sizeof(extra_info)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1402:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (data_len == 0 || io->read(data_buf, data_len, io->io_ctx) < data_len) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_read.c:1571:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&header, sizeof(sav_file_header_record_t), io->io_ctx) < sizeof(sav_file_header_record_t)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:91:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(output); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:97:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(output); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:173:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t file_label_len = strlen(writer->file_label); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:189:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t title_data_len = strlen(title_data); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:200:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(padded_label, title_data, (label_len + 3) / 4 * 4); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:619:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(writer->notes[i]); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:770:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t title_data_len = strlen(title_data); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:799:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t title_data_len = strlen(title_data); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:859:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). info_header.count += strlen(kv_data) + sizeof(tuple_separator); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:916:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32_t name_len = strlen(r_variable->name); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:957:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int32_t name_len = strlen(r_variable->name); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1034:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32_t name_len = strlen(r_variable->name); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1070:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32_t name_len = strlen(r_variable->name); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1189:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_len = strlen(value); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_sav_write.c:1282:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). error = sav_validate_name_length(strlen(variable->name)); data/r-cran-haven-2.3.1/src/readstat/spss/readstat_spss.c:247:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (spss_parse_format(fmt, strlen(fmt), spss_format) != READSTAT_OK) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_read.c:57:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&zheader, sizeof(struct zheader), io->io_ctx) < sizeof(struct zheader)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_read.c:78:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(&ztrailer, sizeof(struct ztrailer), io->io_ctx) < sizeof(struct ztrailer)) { data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_read.c:98:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(ztrailer_entries, n_blocks * sizeof(struct ztrailer_entry), io->io_ctx) < data/r-cran-haven-2.3.1/src/readstat/spss/readstat_zsav_read.c:131:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(compressed_block, entry->compressed_size, io->io_ctx) != entry->compressed_size) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:90:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(dst_buffer, dst_len, io->io_ctx) != dst_len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:209:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(start, sizeof(start), io->io_ctx) != sizeof(start)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:225:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&data_type, 1, io->io_ctx) != 1) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:233:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&len16, sizeof(uint16_t), io->io_ctx) != sizeof(uint16_t)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:240:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(&len32, sizeof(uint32_t), io->io_ctx) != sizeof(uint32_t)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:262:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(buffer, len, io->io_ctx) != len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:299:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(tag); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:300:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (ctx->io->read(buffer, len, ctx->io->io_ctx) != len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:358:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&header, sizeof(header), io->io_ctx) != sizeof(dta_117_strl_header_t)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:377:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&header, sizeof(header), io->io_ctx) != sizeof(dta_118_strl_header_t)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:424:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(tag, sizeof(tag), io->io_ctx) != sizeof(tag)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:455:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&strl_ptr->data[0], strl_ptr->len, io->io_ctx) != strl_ptr->len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:669:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (io->read(buf, ctx->record_len, io->io_ctx) != ctx->record_len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:733:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(header, sizeof(dta_header_t), io->io_ctx) != sizeof(dta_header_t)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:831:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&label_len, sizeof(uint16_t), io->io_ctx) != sizeof(uint16_t)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:838:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&label_len_char, sizeof(unsigned char), io->io_ctx) != sizeof(unsigned char)) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:853:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(data_label_buffer, label_len, io->io_ctx) != label_len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:861:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). label_len = strlen(data_label_buffer); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:882:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&timestamp_len, 1, io->io_ctx) != 1) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:893:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (io->read(timestamp_buffer, timestamp_len, io->io_ctx) != timestamp_len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1005:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&table_header_len, sizeof(int16_t), io->io_ctx) < sizeof(int16_t)) data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1020:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(&table_header_len, sizeof(int32_t), io->io_ctx) < sizeof(int32_t)) data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1029:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(labname, ctx->value_label_table_labname_len, io->io_ctx) < ctx->value_label_table_labname_len) data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1040:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(table_buffer, len, io->io_ctx) < len) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_read.c:1142:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (io->read(magic, 4, io->io_ctx) != 4) { data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:72:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint8_t len = strlen(writer->file_label); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:76:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
uint16_t len = strlen(writer->file_label); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:84:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(data_label, writer->file_label, ctx->data_label_len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:321:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > max_len) data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:324:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 0) data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:355:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&ctx->varlist[ctx->variable_name_len*i], data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:398:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&ctx->fmtlist[ctx->fmtlist_entry_len*i], data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:417:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&ctx->fmtlist[ctx->fmtlist_entry_len*i], data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:443:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(&ctx->lbllist[ctx->lbllist_entry_len*i], data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:496:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&ctx->variable_labels[ctx->variable_labels_entry_len*i], data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:530:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(writer->notes[i]); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:541:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "_dta", ctx->ch_metadata_len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:662:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(labname, r_label_set->name, ctx->value_label_table_labname_len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:737:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(labname, r_label_set->name, ctx->value_label_table_labname_len); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:972:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(tag); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1023:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ 2 * ctx->ch_metadata_len + strlen(writer->notes[i]) + 1 data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1260:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_len = strlen(value); data/r-cran-haven-2.3.1/src/readstat/stata/readstat_dta_write.c:1264:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)row, value, max_len); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_sas_commands_read.c:2908:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). parser->io->read(bytes, len, parser->io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_schema.c:29:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). readstat_copy(entry->variable.name, sizeof(entry->variable.name), var_name, strlen(var_name)); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_spss_commands_read.c:1687:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). parser->io->read(bytes, len, parser->io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_stata_dictionary_read.c:479:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). parser->io->read(bytes, len, parser->io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:55:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((bytes_read = io->read(&value_buffer[i], 1, io->io_ctx)) == 1 && value_buffer[i++] != delimiter) { data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:125:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t bytes_read = io->read(line_buffer, line_lens[i], io->io_ctx); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:149:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (io->read(&throwaway, 1, io->io_ctx) == 1 && throwaway != '\n'); data/r-cran-haven-2.3.1/src/readstat/txt/readstat_txt_read.c:220:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (io->read(&throwaway_char, 1, io->io_ctx) == 1 && throwaway_char != '\n');

ANALYSIS SUMMARY:

Hits = 597
Lines analyzed = 28599 in approximately 0.85 seconds (33475 lines/second)
Physical Source Lines of Code (SLOC) = 24562
Hits@level = [0] 87 [1] 168 [2] 414 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 684 [1+] 597 [2+] 429 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 27.8479 [1+] 24.3058 [2+] 17.466 [3+] 0.610699 [4+] 0.610699 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.