Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/snaphu-2.0.4/src/snaphu.c
Examining data/snaphu-2.0.4/src/snaphu_cost.c
Examining data/snaphu-2.0.4/src/snaphu_cs2.c
Examining data/snaphu-2.0.4/src/snaphu_cs2parse.c
Examining data/snaphu-2.0.4/src/snaphu_cs2types.h
Examining data/snaphu-2.0.4/src/snaphu_io.c
Examining data/snaphu-2.0.4/src/snaphu_solver.c
Examining data/snaphu-2.0.4/src/snaphu_tile.c
Examining data/snaphu-2.0.4/src/snaphu_util.c
Examining data/snaphu-2.0.4/src/snaphu.h
FINAL RESULTS:
data/snaphu-2.0.4/src/snaphu_io.c:253:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(sp1,OPTIONSHELPBRIEF);
data/snaphu-2.0.4/src/snaphu_io.c:266:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(sp1,OPTIONSHELPFULL);
data/snaphu-2.0.4/src/snaphu_io.c:511:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(sp1,COPYRIGHT);
data/snaphu-2.0.4/src/snaphu_io.c:515:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(sp1,OPTIONSHELPFULL);
data/snaphu-2.0.4/src/snaphu_io.c:1254:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nfields=sscanf(buf,"%s %s",str1,str2);
data/snaphu-2.0.4/src/snaphu_io.c:2161:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dumpfile,basename);
data/snaphu-2.0.4/src/snaphu_io.c:3402:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfile,"%s/%s%ld_%ld",params->tiledir,LOGFILEROOT,tilerow,tilecol);
data/snaphu-2.0.4/src/snaphu_io.c:3510:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(params->tiledir,"%s%s%ld",path,TMPTILEDIRROOT,params->parentpid);
data/snaphu-2.0.4/src/snaphu_io.c:3553:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfile,"%s%s%ld_%s",path,TILEINITFILEROOT,pid,basename);
data/snaphu-2.0.4/src/snaphu_io.c:3602:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,basename);
data/snaphu-2.0.4/src/snaphu_tile.c:206:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:211:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:219:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:227:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:235:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:243:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:251:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:259:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:267:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:275:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:283:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:291:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:299:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:303:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:310:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:636:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(regionfile,"%s%s",outfiles->outfile,REGIONSUFFIX);
data/snaphu-2.0.4/src/snaphu_tile.c:1553:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/%s%ld_%ld",
data/snaphu-2.0.4/src/snaphu_tile.c:1628:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld%s",
data/snaphu-2.0.4/src/snaphu_tile.c:1807:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld%s",
data/snaphu-2.0.4/src/snaphu_tile.c:1850:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld%s",
data/snaphu-2.0.4/src/snaphu_tile.c:3673:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstring,"%s/%s%s_%ld_%ld.%ld%s",
data/snaphu-2.0.4/src/snaphu.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tileinitfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu.c:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iterinfiles,infiles,sizeof(infileT));
data/snaphu-2.0.4/src/snaphu.c:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iteroutfiles,outfiles,sizeof(outfileT));
data/snaphu-2.0.4/src/snaphu.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iterparams,params,sizeof(paramT));
data/snaphu-2.0.4/src/snaphu.h:658:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tiledir[MAXSTRLEN];/* directory for temporary tile files */
data/snaphu-2.0.4/src/snaphu.h:671:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[MAXSTRLEN]; /* input interferogram */
data/snaphu-2.0.4/src/snaphu.h:672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magfile[MAXSTRLEN]; /* interferogram magnitude (optional) */
data/snaphu-2.0.4/src/snaphu.h:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ampfile[MAXSTRLEN]; /* image amplitude or power file */
data/snaphu-2.0.4/src/snaphu.h:674:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ampfile2[MAXSTRLEN]; /* second amplitude or power file */
data/snaphu-2.0.4/src/snaphu.h:675:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weightfile[MAXSTRLEN]; /* arc weights */
data/snaphu-2.0.4/src/snaphu.h:676:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char corrfile[MAXSTRLEN]; /* correlation file */
data/snaphu-2.0.4/src/snaphu.h:677:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char estfile[MAXSTRLEN]; /* unwrapped estimate */
data/snaphu-2.0.4/src/snaphu.h:678:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char costinfile[MAXSTRLEN]; /* file from which cost data is read */
data/snaphu-2.0.4/src/snaphu.h:679:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytemaskfile[MAXSTRLEN]; /* signed char valid pixel mask */
data/snaphu-2.0.4/src/snaphu.h:680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dotilemaskfile[MAXSTRLEN]; /* signed char tile unwrap mask file */
data/snaphu-2.0.4/src/snaphu.h:693:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfile[MAXSTRLEN]; /* unwrapped output */
data/snaphu-2.0.4/src/snaphu.h:694:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initfile[MAXSTRLEN]; /* unwrapped initialization */
data/snaphu-2.0.4/src/snaphu.h:695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowfile[MAXSTRLEN]; /* flows of unwrapped solution */
data/snaphu-2.0.4/src/snaphu.h:696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eifile[MAXSTRLEN]; /* despckled, normalized intensity */
data/snaphu-2.0.4/src/snaphu.h:697:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rowcostfile[MAXSTRLEN]; /* statistical azimuth cost array */
data/snaphu-2.0.4/src/snaphu.h:698:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colcostfile[MAXSTRLEN]; /* statistical range cost array */
data/snaphu-2.0.4/src/snaphu.h:699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mstrowcostfile[MAXSTRLEN]; /* scalar initialization azimuth costs */
data/snaphu-2.0.4/src/snaphu.h:700:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mstcolcostfile[MAXSTRLEN]; /* scalar initialization range costs */
data/snaphu-2.0.4/src/snaphu.h:701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mstcostsfile[MAXSTRLEN]; /* scalar initialization costs (all) */
data/snaphu-2.0.4/src/snaphu.h:702:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char corrdumpfile[MAXSTRLEN]; /* correlation coefficient magnitude */
data/snaphu-2.0.4/src/snaphu.h:703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawcorrdumpfile[MAXSTRLEN]; /* correlation coefficient magnitude */
data/snaphu-2.0.4/src/snaphu.h:704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conncompfile[MAXSTRLEN]; /* connected component map or mask */
data/snaphu-2.0.4/src/snaphu.h:705:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char costoutfile[MAXSTRLEN]; /* file to which cost data is written */
data/snaphu-2.0.4/src/snaphu.h:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[MAXSTRLEN]; /* file to which parmeters are logged */
data/snaphu-2.0.4/src/snaphu_io.c:575:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(outfiles->outfile,"a"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXLINELEN];
data/snaphu-2.0.4/src/snaphu_io.c:1167:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(conffile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:1244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[MAXLINELEN], str2[MAXLINELEN];
data/snaphu-2.0.4/src/snaphu_io.c:1726:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXSTRLEN], *ptr;
data/snaphu-2.0.4/src/snaphu_io.c:1727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnamestr[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:1733:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(outfiles->logfile,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:2092:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(infiles->infile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:2152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN], dumpfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:2155:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(outfile,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:2162:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(dumpfile,"w"))!=NULL){
data/snaphu-2.0.4/src/snaphu_io.c:2194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:2227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:2262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:2293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:2839:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(alfile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:2908:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(alfile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:2966:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(rifile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3041:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(infile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3100:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(infile,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3167:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(filename,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3239:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(filename,"r"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3337:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((sp0=fopen(NULLFILE,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3344:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((sp1=fopen(NULLFILE,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3351:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((sp2=fopen(NULLFILE,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3358:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((sp3=fopen(NULLFILE,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[MAXSTRLEN], cwd[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:3403:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((logfp=fopen(logfile,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3425:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((sp3=fopen(NULLFILE,"w"))==NULL){
data/snaphu-2.0.4/src/snaphu_io.c:3442:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char incrcostfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:3443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:3462:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempstr,".%ld_%ld",iincrcostfile,nflow);
data/snaphu-2.0.4/src/snaphu_io.c:3477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempstr,".%ld_%ld",iincrcostfile,nflow);
data/snaphu-2.0.4/src/snaphu_io.c:3498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:3542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_io.c:3577:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_solver.c:3197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pl[2];
data/snaphu-2.0.4/src/snaphu_tile.c:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[MAXTMPSTRLEN], path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regionfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:686:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:919:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ucharbuf[col]=(unsigned char )uintbuf[col];
data/snaphu-2.0.4/src/snaphu_tile.c:1231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:1409:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
iscandidate[i]=(signed char *)MAlloc(nscndryarcs[i]*sizeof(signed char));
data/snaphu-2.0.4/src/snaphu_tile.c:1587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nextfile[MAXSTRLEN], tempstring[MAXTMPSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:1588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:1728:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[MAXTMPSTRLEN], readregionfile[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:1729:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:3586:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN], readfile[MAXSTRLEN], tempstring[MAXTMPSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:3587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:3963:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realoutfile[MAXSTRLEN], readfile[MAXSTRLEN], tempstring[MAXTMPSTRLEN];
data/snaphu-2.0.4/src/snaphu_tile.c:3964:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXSTRLEN], basename[MAXSTRLEN];
data/snaphu-2.0.4/src/snaphu_util.c:455:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
arr[row]=&(((char *)baseptr)[row*ncol*size]);
data/snaphu-2.0.4/src/snaphu_util.c:505:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
arr[row]=&(((char *)baseptr)[row*ncol*size]);
data/snaphu-2.0.4/src/snaphu_util.c:508:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
arr[row]=&(((char *)baseptr)[((nrow-1)*ncol+(row-(nrow-1))*(ncol-1))*size]);
data/snaphu-2.0.4/src/snaphu.c:455:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->estfile)){
data/snaphu-2.0.4/src/snaphu.c:509:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(params->initonly || strlen(outfiles->initfile)){
data/snaphu-2.0.4/src/snaphu.c:687:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->flowfile)){
data/snaphu-2.0.4/src/snaphu.c:712:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->conncompfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:209:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->costinfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:284:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->costinfile) || params->costmode!=NOSTATCOSTS){
data/snaphu-2.0.4/src/snaphu_cost.c:285:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->costoutfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:289:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->rowcostfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:293:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->colcostfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:412:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->mstrowcostfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:416:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->mstcolcostfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:420:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->mstcostsfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:522:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->eifile)){
data/snaphu-2.0.4/src/snaphu_cost.c:1308:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:1324:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->corrfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:1422:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->rawcorrdumpfile)){
data/snaphu-2.0.4/src/snaphu_cost.c:1455:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->corrdumpfile)){
data/snaphu-2.0.4/src/snaphu_io.c:259:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(argv[i])==1){
data/snaphu-2.0.4/src/snaphu_io.c:264:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=1;j<strlen(argv[i]);j++){
data/snaphu-2.0.4/src/snaphu_io.c:281:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:291:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:300:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:307:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:314:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:321:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:328:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:336:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:344:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:351:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:358:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:366:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:373:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:385:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:408:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(++i<argc && j==strlen(argv[i-1])-1){
data/snaphu-2.0.4/src/snaphu_io.c:531:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(infiles->infile)){
data/snaphu-2.0.4/src/snaphu_io.c:549:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(infiles->infile) || !(*linelenptr)){
data/snaphu-2.0.4/src/snaphu_io.c:610:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->costinfile) && params->costmode==NOSTATCOSTS){
data/snaphu-2.0.4/src/snaphu_io.c:616:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->costoutfile) && params->costmode==NOSTATCOSTS){
data/snaphu-2.0.4/src/snaphu_io.c:729:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(infiles->corrfile)
data/snaphu-2.0.4/src/snaphu_io.c:747:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(infiles->corrfile)){
data/snaphu-2.0.4/src/snaphu_io.c:917:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(infiles->infileformat!=FLOAT_DATA || strlen(infiles->magfile)){
data/snaphu-2.0.4/src/snaphu_io.c:943:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->bytemaskfile)
data/snaphu-2.0.4/src/snaphu_io.c:1018:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n=strlen(params->tiledir);
data/snaphu-2.0.4/src/snaphu_io.c:1022:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(params->tiledir)){
data/snaphu-2.0.4/src/snaphu_io.c:1101:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->conncompfile)){
data/snaphu-2.0.4/src/snaphu_io.c:1130:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->conncompfile)){
data/snaphu-2.0.4/src/snaphu_io.c:1166:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(conffile)){
data/snaphu-2.0.4/src/snaphu_io.c:1190:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(ptr==NULL && !strlen(buf)){
data/snaphu-2.0.4/src/snaphu_io.c:1196:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf)>=MAXLINELEN-1){
data/snaphu-2.0.4/src/snaphu_io.c:1276:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile2) && !params->amplitude){
data/snaphu-2.0.4/src/snaphu_io.c:1283:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile) && !params->amplitude){
data/snaphu-2.0.4/src/snaphu_io.c:1291:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile2) && params->amplitude){
data/snaphu-2.0.4/src/snaphu_io.c:1299:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile) && params->amplitude){
data/snaphu-2.0.4/src/snaphu_io.c:1730:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->logfile)){
data/snaphu-2.0.4/src/snaphu_io.c:1781:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile2)){
data/snaphu-2.0.4/src/snaphu_io.c:1788:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile2)){
data/snaphu-2.0.4/src/snaphu_io.c:2034:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(value)){
data/snaphu-2.0.4/src/snaphu_io.c:2479:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->magfile)){
data/snaphu-2.0.4/src/snaphu_io.c:2520:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->bytemaskfile)){
data/snaphu-2.0.4/src/snaphu_io.c:2622:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(weightfile)){
data/snaphu-2.0.4/src/snaphu_io.c:2687:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->ampfile2)){
data/snaphu-2.0.4/src/snaphu_io.c:3294:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->initfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3297:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->flowfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3300:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->eifile)){
data/snaphu-2.0.4/src/snaphu_io.c:3303:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->rowcostfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3306:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->colcostfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3309:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->mstrowcostfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3312:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->mstcolcostfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3315:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->mstcostsfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3318:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->corrdumpfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3321:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(outfiles->rawcorrdumpfile)){
data/snaphu-2.0.4/src/snaphu_io.c:3461:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(incrcostfile,INCRCOSTFILEPOS,MAXSTRLEN-1);
data/snaphu-2.0.4/src/snaphu_io.c:3463:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(incrcostfile,tempstr,MAXSTRLEN-strlen(incrcostfile)-1);
data/snaphu-2.0.4/src/snaphu_io.c:3463:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(incrcostfile,tempstr,MAXSTRLEN-strlen(incrcostfile)-1);
data/snaphu-2.0.4/src/snaphu_io.c:3476:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(incrcostfile,INCRCOSTFILENEG,MAXSTRLEN-1);
data/snaphu-2.0.4/src/snaphu_io.c:3478:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(incrcostfile,tempstr,MAXSTRLEN-strlen(incrcostfile)-1);
data/snaphu-2.0.4/src/snaphu_io.c:3478:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(incrcostfile,tempstr,MAXSTRLEN-strlen(incrcostfile)-1);
data/snaphu-2.0.4/src/snaphu_io.c:3508:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(params->tiledir)){
data/snaphu-2.0.4/src/snaphu_io.c:3581:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(filename)){
data/snaphu-2.0.4/src/snaphu_io.c:3603:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path,"/");
data/snaphu-2.0.4/src/snaphu_io.c:3607:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(basename)){
data/snaphu-2.0.4/src/snaphu_solver.c:3216:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pl,"s");
data/snaphu-2.0.4/src/snaphu_solver.c:3218:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pl,"");
data/snaphu-2.0.4/src/snaphu_tile.c:209:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->initfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:217:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->flowfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:225:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->eifile)){
data/snaphu-2.0.4/src/snaphu_tile.c:233:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->rowcostfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:241:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->colcostfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:249:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->mstrowcostfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:257:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->mstcolcostfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:265:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->mstcostsfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:273:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->corrdumpfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:281:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->rawcorrdumpfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:289:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->conncompfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:297:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->costoutfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:308:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->logfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:344:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(infiles->dotilemaskfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:1524:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outfiles->conncompfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:1836:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(params->rmtmptile && !strlen(outfiles->costoutfile)){
data/snaphu-2.0.4/src/snaphu_tile.c:1880:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(params->rmtmptile && !strlen(outfiles->costoutfile)){
data/snaphu-2.0.4/src/snaphu_util.c:1002:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
s=strncpy(dest,src,n-1);
data/snaphu-2.0.4/src/snaphu_util.c:1070:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(endp) || tempdouble>=HUGE_VAL || tempdouble<=-HUGE_VAL){
data/snaphu-2.0.4/src/snaphu_util.c:1092:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(endp) || templong==LONG_MAX || templong==LONG_MIN){
ANALYSIS SUMMARY:
Hits = 217
Lines analyzed = 19924 in approximately 0.56 seconds (35619 lines/second)
Physical Source Lines of Code (SLOC) = 14196
Hits@level = [0] 530 [1] 103 [2] 83 [3] 0 [4] 31 [5] 0
Hits@level+ = [0+] 747 [1+] 217 [2+] 114 [3+] 31 [4+] 31 [5+] 0
Hits/KSLOC@level+ = [0+] 52.6205 [1+] 15.286 [2+] 8.03043 [3+] 2.18371 [4+] 2.18371 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.