Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_dawson.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fresnel.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_airy.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_exp.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/cqp.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_coupling.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_complex.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_tensor.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_with_narray.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_cheb.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_interp.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_with_nmatrix.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_math.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_poly.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_histogram3d.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_common.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_rng.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_statistics.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_root.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_rational.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_fft.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_eigen.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_histogram.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_graph.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_fit.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_sf.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_linalg.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_interp2d.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_array.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_function.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/templates_off.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_dirac.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_odeiv.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/templates_on.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_integration.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_const.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/randist.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_fermi_dirac.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/math.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/monte.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_mathieu.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_clausen.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fit.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/cheb.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_synchrotron.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram_find.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_gegenbauer.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/qrng.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/signal.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_expint.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_laguerre.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ieee.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/const.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sum.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas3.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/deriv.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/jacobi.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_coulomb.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_debye.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/rng.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin_fsdf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/rational.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_gamma.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/cdf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/min.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_elljac.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_dilog.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/nmf_wrap.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/stats.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tamu_anova.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram2d.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_trigonometric.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/bspline.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_psi.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_ellint.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/diff.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ool.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_int.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_transport.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/const_additional.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/integration.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas1.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_double.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ntuple.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dht.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sort.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/error.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_bessel.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_lambert.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas2.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_log.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/wavelet.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_legendre.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ndlinear.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/bundle.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram_oper.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_hyperg.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_elementary.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/combination.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_erfc.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/alf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_power.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/siman.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_zeta.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/geometry.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_int.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/nmf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline2d.c
FINAL RESULTS:
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:80:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_block,fprintf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:92:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(fp, h, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:94:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(fp, h, FORMAT_DEFAULT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:100:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_block,printf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:107:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(stdout, h, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:109:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(stdout, h, FORMAT_DEFAULT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:116:36: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
static VALUE FUNCTION(rb_gsl_block,fscanf)(VALUE obj, VALUE io)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:123:31: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
status = FUNCTION(gsl_block,fscanf)(fp, h);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:149:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, (TYPE2) v->data[i]);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:168:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:842:75: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rb_define_method(GSL_TYPE(cgsl_block), "fprintf", FUNCTION(rb_gsl_block,fprintf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:843:74: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rb_define_method(GSL_TYPE(cgsl_block), "printf", FUNCTION(rb_gsl_block,printf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:844:74: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
rb_define_method(GSL_TYPE(cgsl_block), "fscanf", FUNCTION(rb_gsl_block,fscanf), 1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:172:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, STR2CSTR(s));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "%s %s\n", tmp, tmp);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:174:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, format, GSL_REAL(*c), GSL_IMAG(*c));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:876:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:257:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:286:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "graph -T X -g 3 %s", opt);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:287:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:18:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "graph -T X -g 3 %s", STR2CSTR(hash));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:26:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -T %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:28:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -T X", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:31:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -C", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:33:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -g %d", command, (int) FIX2INT(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:35:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -g 3", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:37:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -B", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:39:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -E %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:41:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -f %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:43:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -F %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:45:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -h %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:47:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -k %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:49:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -K %d", command, (int) FIX2INT(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:52:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -l x -l y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:54:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -l %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:57:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -L \"%s\"", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:59:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -N %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:61:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -r %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:63:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -R %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:65:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -s", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:67:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -t", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:69:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -u %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:71:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -w %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:73:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -x %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:75:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -X \"%s\"", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:77:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -y %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:79:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -Y \"%s\"", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:81:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --bg-color %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:83:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --bitmap-size %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:85:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --frame-color %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:87:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --frame-line-width %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --max-line-length %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:91:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --page-size %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:93:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --pen-colors %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:95:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --rotation %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:97:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --title-font-name %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:99:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --title-font-size %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:101:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --toggle-rotate-y-label", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:103:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -m %d", command, (int) FIX2INT(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:105:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -S %d", command, (int) FIX2INT(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:107:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -W %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:109:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -q %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:111:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --symbol-font-name %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:113:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --reposition %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --blankout %s", command, STR2CSTR(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:117:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -O", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:971:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -T X", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:973:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -T %s", command, STR2CSTR(g->T));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:975:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, STR2CSTR(g->E));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:977:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -E x", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:979:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -E y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:981:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -E x -E y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -f %f", command, NUM2DBL(g->f));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:988:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -F %s", command, STR2CSTR(g->F));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:990:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -g %d", command, (int) FIX2INT(g->g));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:992:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -h %f", command, NUM2DBL(g->h));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:994:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -k %f", command, NUM2DBL(g->k));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:996:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -K %d", command, (int) FIX2INT(g->K));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:998:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, STR2CSTR(g->l));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1000:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -l x", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1002:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -l y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1004:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -l x -l y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1009:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -L \"%s\"", command, STR2CSTR(g->L));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1011:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, STR2CSTR(g->N));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1013:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -N x", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1015:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -N y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1017:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -N x -N y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1022:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -r %f", command, NUM2DBL(g->r));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1024:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, STR2CSTR(g->R));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1026:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -R x", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1028:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -R y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1030:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -R x -R y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1035:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -u %f", command, NUM2DBL(g->u));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1037:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -w %f", command, NUM2DBL(g->w));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1040:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -x %s", command, STR2CSTR(g->x));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1043:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -x", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1049:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1059:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -y %s", command, STR2CSTR(g->y));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1062:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -y", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1068:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1077:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -X \"%s\"", command, STR2CSTR(g->X));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1079:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -Y \"%s\"", command, STR2CSTR(g->Y));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1081:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --bg-color %s", command, STR2CSTR(g->bg));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1083:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --bitmap-size %s", command, STR2CSTR(g->bitmap_size));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1085:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --frame-color %s", command, STR2CSTR(g->frame));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1087:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --frame-line-width %f", command, NUM2DBL(g->frame_line_width));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1089:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --max_line_length %d", command,
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1092:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --page-size %s", command, STR2CSTR(g->page_size));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1094:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --pen-colors %s", command, STR2CSTR(g->pen_colors));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1096:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --rotation %d", command, (int) FIX2INT(g->rotation));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1098:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --title-font-name %s", command, STR2CSTR(g->title_font_name)); if (g->title_font_size != Qnil)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1099:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --title-font-size %f", command, NUM2DBL(g->title_font_size));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1101:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --toggle-rotate-y-label", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1103:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -I %s", command, STR2CSTR(g->I));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1105:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -s", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1107:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -t", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1109:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -B", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1111:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -m %d", command, (int) FIX2INT(g->m));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -S %s", command, STR2CSTR(g->S));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1119:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -S %d %f", command, (int) FIX2INT(rb_ary_entry(g->S, 0)),
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1128:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -W %f", command, NUM2DBL(g->W));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1130:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -q %f", command, NUM2DBL(g->q));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -C", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1134:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --symbol_font_name %s", command, STR2CSTR(g->symbol_font_name));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1137:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --reposition %s", command, STR2CSTR(g->reposition));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1140:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --reposition", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1146:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %f", command, NUM2DBL(val));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1155:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s --blankout %f", command, NUM2DBL(g->blankout));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s -O", command);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1176:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[2]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1180:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1190:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1210:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1244:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[2]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1248:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1258:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1276:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:26:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:49:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:50:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:52:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (s) sprintf(buf, "%sType: %s\n", buf, STR2CSTR(s));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:54:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (s) sprintf(buf, "%sSize: %d\n", buf, (int) FIX2INT(s));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:115:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, StringValuePtr(name));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:116:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "wc %s", filename);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:117:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(buf, "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:945:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:969:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen("gnuplot -persist", "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:974:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen("gnuplot -persist", "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:1554:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fittype, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:418:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:446:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:447:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:448:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sType: %s\n", buf, gsl_interp_name(p->p));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:449:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sxmin: %f\n", buf, p->p->xmin);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:450:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sxmax: %f\n", buf, p->p->xmax);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:451:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSize: %d\n", buf, (int) p->p->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c:217:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:627:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:653:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#<%s[%lu,%lu]:%#lx>\n", rb_class2name(CLASS_OF(obj)), m->size1, m->size2, NUM2ULONG(rb_obj_id(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:851:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PRINTF_FORMAT, FUNCTION(gsl_matrix,get)(m, i, j));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:886:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format2, format);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:888:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format, PRINTF_FORMAT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:889:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format2, " " PRINTF_FORMAT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:900:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, format, x);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:902:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, format2, x);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:931:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:941:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_matrix,fprintf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:953:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_matrix,fprintf)(fp, h, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:955:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_matrix,fprintf)(fp, h, PRINTF_FORMAT2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:961:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_matrix,printf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:968:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_matrix,fprintf)(stdout, h, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:970:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_matrix,fprintf)(stdout, h, PRINTF_FORMAT2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:976:37: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
static VALUE FUNCTION(rb_gsl_matrix,fscanf)(VALUE obj, VALUE io)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:983:32: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
status = FUNCTION(gsl_matrix,fscanf)(fp, h);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2066:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2067:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2068:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sDimension: %dx%d\n", buf, (int) m->size1, (int) m->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2069:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSize: %d\n", buf, (int) (m->size1*m->size2));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2524:43: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(rb_gsl_matrix,fprintf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2526:43: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(rb_gsl_matrix,printf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2528:43: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
FUNCTION(rb_gsl_matrix,fscanf), 1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/min.c:30:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/monte.c:444:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(vt));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:213:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:1716:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fittype, STR2CSTR(argv[2]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:1722:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fittype, STR2CSTR(argv[3]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:449:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:594:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin_fsdf.c:19:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:433:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:462:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:348:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(tt));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:445:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:446:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:447:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sType: %s\n", buf, gsl_odeiv_step_name(s));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:448:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sDimension: %d\n", buf, (int) s->dimension);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ool.c:34:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:338:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1531:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1532:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1533:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sOrder: %d\n", buf, (int) v->size-1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/qrng.c:38:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:37:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:202:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, STR2CSTR(t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:38:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:347:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:348:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:349:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sType: %s\n", buf, gsl_interp_name(p->s->interp));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:350:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sxmin: %f\n", buf, p->s->interp->xmin);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:351:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sxmax: %f\n", buf, p->s->interp->xmax);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:352:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSize: %d\n", buf, (int) p->s->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:290:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_tensor,fprintf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:302:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(tensor,fprintf)(fp, h->tensor, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:307:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(tensor,fprintf)(fp, h->tensor, OUT_FORMAT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:314:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_tensor,printf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:323:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(tensor,fprintf)(stdout, h->tensor, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:325:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(tensor,fprintf)(stdout, h->tensor, OUT_FORMAT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:330:33: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
static VALUE FUNCTION(rb_tensor,fscanf)(VALUE obj, VALUE io)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:337:28: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
status = FUNCTION(tensor,fscanf)(fp, h->tensor);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:789:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_matrix,get)(m, i, j));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:819:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, 0));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:822:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:843:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:941:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:942:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj))));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:943:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sRank: %d\n", buf, (int) t->tensor->rank);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:944:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sDimension: %d\n", buf, (int) t->tensor->dimension);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:945:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sSize: %d\n", buf, (int) t->tensor->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1002:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(rb_tensor,fprintf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1004:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(rb_tensor,printf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1006:39: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
FUNCTION(rb_tensor,fscanf), 1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:464:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#<%s[%lu]:%#lx>\n", rb_class2name(CLASS_OF(obj)), v->size, NUM2ULONG(rb_obj_id(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:534:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "graph -T X %s", STR2CSTR(argv[argc-1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:541:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:561:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:765:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen("gnuplot -persist", "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:771:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[4]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:775:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[3]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:785:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[2]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:795:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:805:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %s", command, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:906:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, STR2CSTR(file));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:907:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "wc %s", filename);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:908:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(buf, "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:913:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_vector,fprintf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:924:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_vector,fprintf)(fp, h, STR2CSTR(argv[1]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:928:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_vector,fprintf)(fp, h, "%g");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:934:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_vector,printf)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:943:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_vector,fprintf)(stdout, h, STR2CSTR(argv[0]));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:945:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_vector,fprintf)(stdout, h, "%g");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:950:37: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
static VALUE FUNCTION(rb_gsl_vector,fscanf)(VALUE obj, VALUE io)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:957:32: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
status = FUNCTION(gsl_vector,fscanf)(fp, h);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1122:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1179:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1214:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen("gnuplot -persist", "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1263:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, 0));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1265:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1269:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for (i = 0; i < v->size; i++) printf(PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1313:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format2, format);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1315:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format, PRINTF_FORMAT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1316:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format2, " " PRINTF_FORMAT);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1324:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (x < 0) sprintf(buf, format, x);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1325:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else sprintf(buf, format2, x);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1335:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, 0));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1338:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1357:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1625:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT2, FUNCTION(gsl_vector,get)(vp[i], j));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2224:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, STR2CSTR(file));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2225:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "sed '/^#/d' %s | wc", filename);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2226:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen(buf, "r")) == NULL)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2256:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
k = fscanf(fp, FORMAT_TMP, &val);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3103:43: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(rb_gsl_vector,fprintf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3105:43: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(rb_gsl_vector,printf), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3107:43: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
FUNCTION(rb_gsl_vector,fscanf), 1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/nmf.c:67:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array.c:226:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, NA_PTR_TYPE(ary2,double*), size*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array.c:242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, NA_PTR_TYPE(ary2,double*), size*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:152:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "... ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:25:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:51:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32], format[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:865:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:868:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[ %4.3e %4.3e ]", GSL_REAL(*z), GSL_IMAG(*z));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[7];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:195:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Alpha%d", (int) i+1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[7];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:210:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Gamma%d", (int) i);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:238:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Lambda%d", (int) i+1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:340:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *name[NUM] = {"Pauli1", "Pauli2", "Pauli3",
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:160:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) nm->elements, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:284:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:301:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:345:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) nm->elements, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:362:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) nm->elements, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:761:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:778:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:980:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:997:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:1177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:1194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c:614:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c:718:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c:797:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt[256] = "", command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:21:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:966:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:969:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:29:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(nary,double*), v->data, shape[0]*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(nary,double*), v->data, shape[0]*2*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(nary,int*), v->data, shape[0]*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, NA_PTR_TYPE(nary,double*), v->size*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:297:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, NA_PTR_TYPE(nary,gsl_complex*), v->size*sizeof(gsl_complex));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, NA_PTR_TYPE(nary,int*), v->size*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(nary,double*)+(i*shape[0]), m->data+(i*m->tda),
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(nary,int*)+(i*shape[0]), m->data+(i*m->tda),
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:516:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, NA_PTR_TYPE(ary2,double*), m->size1*m->size2*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:548:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, NA_PTR_TYPE(ary2,int*), m->size1*m->size2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:73:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, s->elements, v->size*sizeof(double));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, s->elements, v->size*sizeof(int32_t));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, s->elements, v->size*sizeof(double)*2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, s->elements, s->shape[0]*s->shape[1]*sizeof(double)); // double is nm :float64
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, s->elements, s->shape[0]*s->shape[1]*sizeof(int32_t)); // int32_t is nm :int32
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, s->elements, s->shape[0]*s->shape[1]*sizeof(double)*2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024], buf[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:124:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:936:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:1551:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fittype[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->xrange, xrange, sizeof(double)*xsize);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->yrange, yrange, sizeof(double)*ysize);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->zrange, zrange, sizeof(double)*zsize);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->xrange, src->xrange, sizeof(double)*(nx+1));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->yrange, src->yrange, sizeof(double)*(ny+1));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->zrange, src->zrange, sizeof(double)*(nz+1));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->bin, src->bin, sizeof(double)*nx*ny*nz);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ieee.c:32:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(RSTRING_PTR(argv[0]), "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:401:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((double*)na2->ptr, (double*)na->ptr, sizeof(double)*na2->total);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:946:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(qr,double*),na->ptr,sizeof(double)*shapem[0]*shapem[1]);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:2388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(u,double*), (double*)A->ptr, sizeof(double)*A->total);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:2410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(u,double*), (double*)A->ptr, sizeof(double)*A->total);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:2704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NA_PTR_TYPE(chol,double*), (double*)na->ptr, sizeof(double)*na->total);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtmp->data, (double*)na->ptr, sizeof(double)*na->total);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtmp->data, (double*)na->ptr, sizeof(double)*na->total);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3423:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtmp->data, (double*)nm->elements, sizeof(double)*nm->shape[0]*nm->shape[1]);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3522:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtmp->data, (double*)nm->elements, sizeof(double)*nm->shape[0]*nm->shape[1]);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:603:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, NA_PTR_TYPE(ary,BASE*), n*sizeof(BASE));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:785:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(&mv.matrix, mother);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32], format[32], format2[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:885:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(format, "%%%dd ", (int) dig);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:894:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:905:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "... ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:911:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "\n ... ]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:930:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1101:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(mnew, m);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1105:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static VALUE FUNCTION(rb_gsl_matrix,memcpy)(VALUE obj, VALUE mm1, VALUE mm2)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1111:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(m1, m2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1332:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(mnew, m);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1334:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(mtmp, mnew);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1632:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->tensor->data, m->data, sizeof(BASE)*t->tensor->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2029:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(m, mnew);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2049:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(m, mnew);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2064:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2140:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_matrix,memcpy)(mnew, m);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2471:53: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(rb_gsl_matrix,memcpy), 2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/min.c:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/monte.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:1690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fittype[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin_fsdf.c:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:106:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(STR2CSTR(name), "wb");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:121:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(STR2CSTR(name), "wb");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:136:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(STR2CSTR(name), "w");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:151:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(STR2CSTR(name), "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ool.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:326:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %d", (int) gsl_permutation_get(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:329:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " ]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:30:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:33:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:38:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:73:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:186:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef1, 2*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p0->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1->data, coef2, 3*sizeof(int));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1294:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1440:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/qrng.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:69:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%10.9e %10.9e", rslt->val, rslt->err);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:112:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%10.9e %10.9e\n", rslt->val, rslt->err);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/signal.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtmp1->data, data1, sizeof(double)*size1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/signal.c:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtmp2->data, data2, sizeof(double)*size2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sort.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(double)*size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline2d.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/stats.c:397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data2, data, sizeof(double)*size*stride);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:138:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return INT2FIX(FUNCTION(tensor,memcpy)(dst->tensor, src->tensor));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:710:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, t->tensor->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:769:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:785:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:792:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "... ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:798:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "\n ... ]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:825:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "... ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:842:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:939:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:431:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[%4.3e %4.3e]", GSL_REAL(*z), GSL_IMAG(*z));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:441:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[%4.3e %4.3e]", GSL_REAL(*z), GSL_IMAG(*z));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:445:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " [%4.3e %4.3e]", GSL_REAL(*z), GSL_IMAG(*z));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:537:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph -T X -C -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:767:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "plot '-'");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], filename[1024], *p;
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:915:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:226:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, NA_PTR_TYPE(ary2,BASE*), n*sizeof(BASE));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:407:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(&vv.vector, vother);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:560:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:761:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:766:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnew->data+1, p->data, sizeof(BASE)*p->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:784:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnew->data+1, p->data, sizeof(BASE)*p->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:794:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnew->data, p->data + 1, sizeof(BASE)*(p->size-1));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:848:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static VALUE FUNCTION(rb_gsl_vector,memcpy)(VALUE obj, VALUE dest, VALUE src)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:853:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(vdest, vsrc);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:863:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1088:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1092:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1098:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1149:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1155:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32], format[32], format2[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1312:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(format, "%%%dd ", (int) dig);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1320:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1329:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " ...");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1341:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "... ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1503:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (v->stride == 1) memcpy(vnew->data, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1504:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1578:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->tensor->data, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "";
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1804:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->data, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1830:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1990:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1998:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2010:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2020:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2022:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(gsl_vector,memcpy)(&vv.vector, v2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], filename[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2233:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, buf[16];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2915:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%4.3e", FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2917:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3088:53: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
FUNCTION(rb_gsl_vector,memcpy), 2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/wavelet.c:314:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/wavelet.c:472:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:150:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:153:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:157:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:158:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:78:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len0 = strlen(s0);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:79:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(s1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:89:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len0 = strlen(s0);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:90:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(s1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:629:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:895:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:903:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:906:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:912:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:916:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:917:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:919:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:920:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1523:34: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int FUNCTION(mygsl_matrix,equal)(GSL_TYPE(gsl_matrix) *a, GSL_TYPE(gsl_matrix) *b, double eps)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1549:37: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static VALUE FUNCTION(rb_gsl_matrix,equal)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1568:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return FUNCTION(rb_gsl_tensor,equal)(argc, argv, obj);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1574:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (FUNCTION(mygsl_matrix,equal)(a, b, eps) == 1) return Qtrue;
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2583:43: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
FUNCTION(rb_gsl_matrix,equal), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:327:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:330:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:786:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:790:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:793:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:799:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:803:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:804:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:806:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:807:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:820:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:823:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:826:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:830:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:831:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:848:26: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
VALUE FUNCTION(rb_tensor,equal)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1105:39: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
FUNCTION(rb_tensor,equal), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:432:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i != v->size-1) strcat(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:433:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:442:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:446:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:998:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int FUNCTION(rbgsl_vector,equal)(const GSL_TYPE(gsl_vector) *v1, const GSL_TYPE(gsl_vector) *v2, double eps)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1022:37: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static VALUE FUNCTION(rb_gsl_vector,equal)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1043:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return FUNCTION(rb_gsl_tensor,equal)(argc, argv, obj);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1059:31: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (FUNCTION(rbgsl_vector,equal)(v1, v2, eps)) return Qtrue;
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1321:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1326:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i != v->size-1) strcat(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1327:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1330:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1336:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1339:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1342:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1347:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1348:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1626:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_buf_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3119:43: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
FUNCTION(rb_gsl_vector,equal), -1);
ANALYSIS SUMMARY:
Hits = 554
Lines analyzed = 70876 in approximately 1.71 seconds (41510 lines/second)
Physical Source Lines of Code (SLOC) = 62039
Hits@level = [0] 96 [1] 58 [2] 221 [3] 1 [4] 274 [5] 0
Hits@level+ = [0+] 650 [1+] 554 [2+] 496 [3+] 275 [4+] 274 [5+] 0
Hits/KSLOC@level+ = [0+] 10.4773 [1+] 8.92987 [2+] 7.99497 [3+] 4.4327 [4+] 4.41658 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.