Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c
Examining data/r-cran-rniftilib-0.0-35.r79/src/znzlib.c
Examining data/r-cran-rniftilib-0.0-35.r79/src/znzlib.h
Examining data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h
Examining data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c
Examining data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h

FINAL RESULTS:

data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:191:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(val,pcstring);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:1190:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    if( dup ) strcpy(dup, str);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2631:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(extcopy, ext);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2649:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(extcopy, ext);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2653:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(elist[0], extgz); strcat(elist[1], extgz); strcat(elist[2], extgz);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2653:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(elist[0], extgz); strcat(elist[1], extgz); strcat(elist[2], extgz);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2653:54: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(elist[0], extgz); strcat(elist[1], extgz); strcat(elist[2], extgz);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2816:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(hdrname,basename);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2817:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(hdrname,elist[efirst]);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2820:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(hdrname,extzip);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2828:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(hdrname,basename);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2829:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(hdrname,elist[efirst]);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2832:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(hdrname,extzip);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2890:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(imgname,basename);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2891:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(imgname,extnia);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2904:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(imgname,basename);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2905:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(imgname,elist[first]);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2908:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(imgname,extzip);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2914:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(imgname,basename);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2915:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(imgname,elist[1-first]); /* can do this with only 2 choices */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2918:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(imgname,extzip);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2959:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(iname, prefix);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2976:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    else if( nifti_type == NIFTI_FTYPE_NIFTI1_1 ) strcat(iname, extnii);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2977:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    else if( nifti_type == NIFTI_FTYPE_ASCII ) strcat(iname, extnia);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2978:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    else strcat(iname, exthdr);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2981:49: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    if( comp && (!ext || !strstr(iname,extgz)) ) strcat(iname,extgz);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3026:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(iname, prefix);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3043:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    else if( nifti_type == NIFTI_FTYPE_NIFTI1_1 ) strcat(iname, extnii);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3044:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    else if( nifti_type == NIFTI_FTYPE_ASCII ) strcat(iname, extnia);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3045:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    else strcat(iname, extimg);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3048:49: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    if( comp && (!ext || !strstr(iname,extgz)) ) strcat(iname,extgz);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6168:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " nifti_type = '%s'\n" ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6182:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " header_filename = %s\n",ebuf); free(ebuf);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6185:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " image_filename = %s\n", ebuf); free(ebuf);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6206:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " datatype_name = '%s'\n" ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6212:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " byteorder = '%s'\n" ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6227:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " intent_code_name = '%s'\n" ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6235:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " intent_name = %s\n",ebuf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6244:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6250:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6262:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6276:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " descrip = %s\n",ebuf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6282:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) , " aux_file = %s\n",ebuf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6289:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6327:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6339:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6366:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/znzlib.c:314:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
    vsprintf(tmpstr,format,va);
data/r-cran-rniftilib-0.0-35.r79/src/znzlib.c:320:11: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    retval=vfprintf(stream->nzfptr,format,va);
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:343:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char prefix_buffer[500];
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:657:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[100];
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:691:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[100];
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:942:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[10];
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:1181:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer,"#%02X%02X%02X",((unsigned char*)pnim->data)[iSOffset*3],((unsigned char*)pnim->data)[iSOffset*3+1],((unsigned char*)pnim->data)[iSOffset*3+2]);
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:1203:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer,"#%02X%02X%02X%02X",((unsigned char*)pnim->data)[iSOffset*4],((unsigned char*)pnim->data)[iSOffset*4+1],((unsigned char*)pnim->data)[iSOffset*4+2],((unsigned char*)pnim->data)[iSOffset*4+3]);
data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:1668:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[200];
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char data_type[10]; /*!< ++UNUSED++ */ /* char data_type[10]; */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char db_name[18]; /*!< ++UNUSED++ */ /* char db_name[18]; */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char descrip[80]; /*!< any text you like. */ /* char descrip[80]; */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char aux_file[24]; /*!< auxiliary filename. */ /* char aux_file[24]; */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char intent_name[16];/*!< 'name' or meaning of data. */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char magic[4] ; /*!< MUST be "ni1\0" or "n+1\0". */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1.h:287:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    struct nifti1_extender { char extension[4] ; } ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:898:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(NBL->bricks[idest], NBL->bricks[sindex[c-1]], NBL->bsize);
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:988:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(*slist, blist, nbricks*sizeof(int));
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2609:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char * ext, extcopy[8];
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2611:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnii[8] = ".nii"; /* modifiable, for possible uppercase */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2612:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char exthdr[8] = ".hdr"; /* (leave space for .gz) */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2613:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extimg[8] = ".img";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2614:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnia[8] = ".nia";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2616:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extgz[4] = ".gz";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2618:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char * elist[4] = { NULL, NULL, NULL, NULL};
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2764:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char elist[2][5] = { ".hdr", ".nii" };
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2765:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extzip[4] = ".gz";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2862:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *basename, *imgname, elist[2][5] = { ".nii", ".img" };
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2863:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extzip[4] = ".gz";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2864:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnia[5] = ".nia";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2948:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnii[5] = ".nii"; /* modifiable, for possible uppercase */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2949:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char exthdr[5] = ".hdr";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2950:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extimg[5] = ".img";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2951:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnia[5] = ".nia";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2952:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extgz[5] = ".gz";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2973:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ext,exthdr,4); /* then convert img name to hdr */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3015:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnii[5] = ".nii"; /* modifiable, for possible uppercase */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3016:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char exthdr[5] = ".hdr";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3017:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extimg[5] = ".img";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3018:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extnia[5] = ".nia";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3019:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extgz[5] = ".gz";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3040:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ext,extimg,4); /* then convert hdr name to img */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3228:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char caps[8] = "";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3254:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char caps[8] = "";
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3849:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nim->intent_name,nhdr.intent_name,15); nim->intent_name[15] = '\0';
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3869:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(nim->descrip ,nhdr.descrip ,79) ; nim->descrip [79] = '\0' ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3870:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(nim->aux_file,nhdr.aux_file,23) ; nim->aux_file[23] = '\0' ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:4039:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(hptr, &nhdr, sizeof(nifti_1_header));
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:4312:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:4342:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char * sbuf, lfunc[25] = { "nifti_read_ascii_image" };
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:4558:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(*list, tmplist, (new_length-1)*sizeof(nifti1_extension));
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:4608:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ext->edata, data, len); /* copy the data, using len */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5254:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extdr[4] = { 0, 0, 0, 0 };
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5336:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(nhdr.magic, "n+1"); /* init to single file */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5417:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(nhdr->magic, "n+1"); /* init to single file */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5516:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(nhdr.descrip ,nim->descrip ,79) ; nhdr.descrip[79] = '\0' ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5519:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(nhdr.aux_file ,nim->aux_file ,23) ; nhdr.aux_file[23] = '\0' ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5526:52: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if( nim->nifti_type == NIFTI_FTYPE_NIFTI1_1 ) strcpy(nhdr.magic,"n+1") ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5527:52: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(nhdr.magic,"ni1") ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5539:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nhdr.intent_name,nim->intent_name,15) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5640:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, nim_src->ext_list[c].edata, old_size-8); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:5962:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, sizeof(nifti_image)); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6129:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case '&': memcpy(out+jj,"&amp;",5) ; jj+=5 ; break ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6131:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. case '<': memcpy(out+jj,"&lt;",4) ; jj+=4 ; break ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6132:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case '>': memcpy(out+jj,"&gt;",4) ; jj+=4 ; break ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6134:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case '"' : memcpy(out+jj,"&quot;",6) ; jj+=6 ; break ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6136:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case '\'': memcpy(out+jj,"&apos;",6) ; jj+=6 ; break ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6138:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case CR: memcpy(out+jj,"&#x0d;",6) ; jj+=6 ; break ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6139:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case LF: memcpy(out+jj,"&#x0a;",6) ; jj+=6 ; break ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6166:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf , "<nifti_image\n" ) ; /* XML-ish opener */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6187:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " image_offset = '%d'\n" , nim->iname_offset ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6189:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf), " ndim = '%d'\n", nim->ndim); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6190:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf), " nx = '%d'\n", nim->nx ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6191:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 1 ) sprintf( buf+strlen(buf), " ny = '%d'\n", nim->ny ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6192:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 2 ) sprintf( buf+strlen(buf), " nz = '%d'\n", nim->nz ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6193:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. if( nim->ndim > 3 ) sprintf( buf+strlen(buf), " nt = '%d'\n", nim->nt ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6194:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 4 ) sprintf( buf+strlen(buf), " nu = '%d'\n", nim->nu ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6195:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 5 ) sprintf( buf+strlen(buf), " nv = '%d'\n", nim->nv ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6196:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 6 ) sprintf( buf+strlen(buf), " nw = '%d'\n", nim->nw ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6197:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf), " dx = '%g'\n", nim->dx ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6198:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 1 ) sprintf( buf+strlen(buf), " dy = '%g'\n", nim->dy ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6199:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
if( nim->ndim > 2 ) sprintf( buf+strlen(buf), " dz = '%g'\n", nim->dz ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6200:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 3 ) sprintf( buf+strlen(buf), " dt = '%g'\n", nim->dt ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6201:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 4 ) sprintf( buf+strlen(buf), " du = '%g'\n", nim->du ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6202:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 5 ) sprintf( buf+strlen(buf), " dv = '%g'\n", nim->dv ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6203:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if( nim->ndim > 6 ) sprintf( buf+strlen(buf), " dw = '%g'\n", nim->dw ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6205:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " datatype = '%d'\n" , nim->datatype ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6209:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " nvox = '%u'\n" , (unsigned)nim->nvox ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6210:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " nbyper = '%d'\n" , nim->nbyper ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6216:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " cal_min = '%g'\n", nim->cal_min ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6217:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " cal_max = '%g'\n", nim->cal_max ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6221:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " scl_slope = '%g'\n" , nim->scl_slope ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6222:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " scl_inter = '%g'\n" , nim->scl_inter ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6226:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " intent_code = '%d'\n", nim->intent_code ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6229:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buf+strlen(buf) , " intent_p1 = '%g'\n" , nim->intent_p1 ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6230:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " intent_p2 = '%g'\n" , nim->intent_p2 ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6231:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " intent_p3 = '%g'\n" , nim->intent_p3 ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6241:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " toffset = '%g'\n",nim->toffset ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6256:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " freq_dim = '%d'\n",nim->freq_dim ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6258:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " phase_dim = '%d'\n",nim->phase_dim ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6260:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " slice_dim = '%d'\n",nim->slice_dim ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6267:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6271:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " slice_duration = '%g'\n", data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6303:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6314:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6353:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6375:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , " num_ext = '%d'\n", nim->num_ext ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6377:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf+strlen(buf) , "/>\n" ) ; /* XML-ish closer */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6395:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. union { unsigned char bb[2] ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6435:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lhs[1024] , rhs[1024] ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6489:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rhs,str+spos+1,nn) ; rhs[nn] = '\0' ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intent_name[16] ; /*!< optional description of intent data */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descrip[80] ; /*!< optional text to describe dataset */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char aux_file[24] ; /*!< auxiliary filename */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:196:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_type[10]; /* 4 + 10 same */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:197:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char db_name[18]; /* 14 + 18 same */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:230:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descrip[80]; /* 0 + 80 same */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:231:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aux_file[24]; /* 80 + 24 same */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:233:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char originator[10]; /* 105 + 10 FROM HERE DOWN... 
*/ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:234:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char generated[10]; /* 115 + 10 */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:235:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scannum[10]; /* 125 + 10 */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:236:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char patient_id[10]; /* 135 + 10 */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:237:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exp_date[10]; /* 145 + 10 */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:238:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exp_time[10]; /* 155 + 10 */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.h:239:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hist_un0[3]; /* 165 + 3 */ data/r-cran-rniftilib-0.0-35.r79/src/znzlib.c:74:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((file->nzfptr = fopen(path,mode)) == NULL) { data/r-cran-rniftilib-0.0-35.r79/src/Rnifti.c:190:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pcstring)<max_num) data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:1187:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dup = (char *)malloc(strlen(str) + 1); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:1192:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned int)strlen(str)+1); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2625:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(name); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2681:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(fname); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2683:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (fileext_compare(fname + strlen(fname) - 3,".gz")==0) { return 1; } data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2809:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hdrname = (char *)calloc(sizeof(char),strlen(basename)+8); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2872:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). imgname = (char *)calloc(sizeof(char),strlen(basename)+8); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:2957:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iname = (char *)calloc(sizeof(char),strlen(prefix)+8); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3024:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iname = (char *)calloc(sizeof(char),strlen(prefix)+8); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3238:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(known_ext); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3264:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(known_ext); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3283:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for(c = 0; c < strlen(str); c++ ) { data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3298:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(c = 0; c < strlen(str); c++ ) { data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3315:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(c = 0; c < strlen(str); c++ ) data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:3328:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(c = 0; c < strlen(str); c++ ) data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6000:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ll = (int)strlen(str) ; if( ll == 0 ) return 0 ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6097:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( str == NULL || (lstr=(int)strlen(str)) == 0 ){ /* 0 length */ data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6168:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " nifti_type = '%s'\n" , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6182:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf( buf+strlen(buf) , " header_filename = %s\n",ebuf); free(ebuf); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6185:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " image_filename = %s\n", ebuf); free(ebuf); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6187:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " image_offset = '%d'\n" , nim->iname_offset ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6189:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf), " ndim = '%d'\n", nim->ndim); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6190:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf), " nx = '%d'\n", nim->nx ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6191:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 1 ) sprintf( buf+strlen(buf), " ny = '%d'\n", nim->ny ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6192:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( nim->ndim > 2 ) sprintf( buf+strlen(buf), " nz = '%d'\n", nim->nz ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6193:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 3 ) sprintf( buf+strlen(buf), " nt = '%d'\n", nim->nt ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6194:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 4 ) sprintf( buf+strlen(buf), " nu = '%d'\n", nim->nu ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6195:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 5 ) sprintf( buf+strlen(buf), " nv = '%d'\n", nim->nv ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6196:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 6 ) sprintf( buf+strlen(buf), " nw = '%d'\n", nim->nw ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6197:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf), " dx = '%g'\n", nim->dx ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6198:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( nim->ndim > 1 ) sprintf( buf+strlen(buf), " dy = '%g'\n", nim->dy ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6199:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 2 ) sprintf( buf+strlen(buf), " dz = '%g'\n", nim->dz ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6200:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 3 ) sprintf( buf+strlen(buf), " dt = '%g'\n", nim->dt ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6201:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 4 ) sprintf( buf+strlen(buf), " du = '%g'\n", nim->du ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6202:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 5 ) sprintf( buf+strlen(buf), " dv = '%g'\n", nim->dv ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6203:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( nim->ndim > 6 ) sprintf( buf+strlen(buf), " dw = '%g'\n", nim->dw ); data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6205:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf( buf+strlen(buf) , " datatype = '%d'\n" , nim->datatype ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6206:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " datatype_name = '%s'\n" , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6209:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " nvox = '%u'\n" , (unsigned)nim->nvox ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6210:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " nbyper = '%d'\n" , nim->nbyper ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6212:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " byteorder = '%s'\n" , data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6216:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " cal_min = '%g'\n", nim->cal_min ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6217:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf( buf+strlen(buf) , " cal_max = '%g'\n", nim->cal_max ) ; data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6221:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  sprintf( buf+strlen(buf) , " scl_slope = '%g'\n" , nim->scl_slope ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6222:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " scl_inter = '%g'\n" , nim->scl_inter ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6226:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " intent_code = '%d'\n", nim->intent_code ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6227:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " intent_code_name = '%s'\n" ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6229:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " intent_p1 = '%g'\n" , nim->intent_p1 ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6230:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " intent_p2 = '%g'\n" , nim->intent_p2 ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6231:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " intent_p3 = '%g'\n" , nim->intent_p3 ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6235:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " intent_name = %s\n",ebuf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6241:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " toffset = '%g'\n",nim->toffset ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6244:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6250:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6256:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " freq_dim = '%d'\n",nim->freq_dim ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6258:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " phase_dim = '%d'\n",nim->phase_dim ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6260:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " slice_dim = '%d'\n",nim->slice_dim ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6262:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6267:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6271:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " slice_duration = '%g'\n",
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6276:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " descrip = %s\n",ebuf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6282:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " aux_file = %s\n",ebuf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6289:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6303:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6314:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6327:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6339:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6353:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6366:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) ,
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6375:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , " num_ext = '%d'\n", nim->num_ext ) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6377:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf( buf+strlen(buf) , "/>\n" ) ; /* XML-ish closer */
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6379:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nbuf = (int)strlen(buf) ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6422:24: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nim->nam,rhs,ml), nim->nam[ml]='\0'
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6444:9: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ii = sscanf( str+spos , "%1023s%n" , lhs , &nn ) ; spos += nn ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6474:11: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ii = sscanf( str+spos , "%1023s%n" , lhs , &nn ) ; spos += nn ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:6492:14: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ii = sscanf( str+spos , "%1023s%n" , rhs , &nn ) ; spos += nn ;
data/r-cran-rniftilib-0.0-35.r79/src/nifti1_io.c:7308:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = (int)strlen(str) ;
data/r-cran-rniftilib-0.0-35.r79/src/znzlib.c:294:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return fgetc(file->nzfptr);
data/r-cran-rniftilib-0.0-35.r79/src/znzlib.c:308:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(format) + 1000000; /* overkill I hope */

ANALYSIS SUMMARY:

Hits = 253
Lines analyzed = 11780 in approximately 0.41 seconds (28488 lines/second)
Physical Source Lines of Code (SLOC) = 6881
Hits@level = [0] 9 [1] 80 [2] 124 [3] 0 [4] 49 [5] 0
Hits@level+ = [0+] 262 [1+] 253 [2+] 173 [3+] 49 [4+] 49 [5+] 0
Hits/KSLOC@level+ = [0+] 38.0759 [1+] 36.7679 [2+] 25.1417 [3+] 7.12106 [4+] 7.12106 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.