Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/theli-3.0.3/src/instrumentdefinition.h Examining data/theli-3.0.3/src/preferences.h Examining data/theli-3.0.3/src/tasks.cc Examining data/theli-3.0.3/src/datamodel/datamodel.cc Examining data/theli-3.0.3/src/datamodel/datamodel.h Examining data/theli-3.0.3/src/imagestatistics/imagestatistics.h Examining data/theli-3.0.3/src/imagestatistics/imagestatistics_plotting.cc Examining data/theli-3.0.3/src/imagestatistics/imagestatistics_events.cc Examining data/theli-3.0.3/src/imagestatistics/imagestatistics.cc Examining data/theli-3.0.3/src/processingInternal/processingCreateSourceCat.cc Examining data/theli-3.0.3/src/processingInternal/processingSkysub.cc Examining data/theli-3.0.3/src/processingInternal/data.h Examining data/theli-3.0.3/src/processingInternal/processingBackground.cc Examining data/theli-3.0.3/src/processingInternal/processingSplitter.cc Examining data/theli-3.0.3/src/processingInternal/controller.h Examining data/theli-3.0.3/src/processingInternal/processingAncillary.cc Examining data/theli-3.0.3/src/processingInternal/data.cc Examining data/theli-3.0.3/src/processingInternal/processingAstrometry.cc Examining data/theli-3.0.3/src/processingInternal/controller.cc Examining data/theli-3.0.3/src/processingInternal/displayconfig.cc Examining data/theli-3.0.3/src/processingInternal/photinst.h Examining data/theli-3.0.3/src/processingInternal/mask.cc Examining data/theli-3.0.3/src/processingInternal/processingCoadd.cc Examining data/theli-3.0.3/src/processingInternal/processingWeight.cc Examining data/theli-3.0.3/src/processingInternal/photinst.cc Examining data/theli-3.0.3/src/processingInternal/processingCalibration.cc Examining data/theli-3.0.3/src/processingInternal/mask.h Examining data/theli-3.0.3/src/processingInternal/dictionaries.cc Examining data/theli-3.0.3/src/processingInternal/processingCollapse.cc Examining data/theli-3.0.3/src/mainwindow.h Examining data/theli-3.0.3/src/deepmessages.cc Examining data/theli-3.0.3/src/consistencychecks.cc Examining data/theli-3.0.3/src/datadir.cc Examining data/theli-3.0.3/src/query/query.h Examining data/theli-3.0.3/src/query/query.cc Examining data/theli-3.0.3/src/colorpicture/colorpicture.cc Examining data/theli-3.0.3/src/colorpicture/subtaskfits2tiff.cc Examining data/theli-3.0.3/src/colorpicture/subtaskbbnb.cc Examining data/theli-3.0.3/src/colorpicture/refcatdata.h Examining data/theli-3.0.3/src/colorpicture/refcatdata.cc Examining data/theli-3.0.3/src/colorpicture/colorpicture.h Examining data/theli-3.0.3/src/colorpicture/subtaskColorcalib.cc Examining data/theli-3.0.3/src/colorpicture/subtaskCropcoadd.cc Examining data/theli-3.0.3/src/main.cc Examining data/theli-3.0.3/src/dockwidgets/validate_confdock.cc Examining data/theli-3.0.3/src/dockwidgets/confdockwidget.cc Examining data/theli-3.0.3/src/dockwidgets/monitor.cc Examining data/theli-3.0.3/src/dockwidgets/monitor.h Examining data/theli-3.0.3/src/dockwidgets/confdockwidget.h Examining data/theli-3.0.3/src/dockwidgets/memoryviewer.cc Examining data/theli-3.0.3/src/dockwidgets/defaults.cc Examining data/theli-3.0.3/src/dockwidgets/memoryviewer.h Examining data/theli-3.0.3/src/processingExternal/errordialog.h Examining data/theli-3.0.3/src/processingExternal/errordialog.cc Examining data/theli-3.0.3/src/threading/worker.cc Examining data/theli-3.0.3/src/threading/scampworker.cc Examining data/theli-3.0.3/src/threading/colorpictureworker.cc Examining data/theli-3.0.3/src/threading/mainguiworker.h Examining data/theli-3.0.3/src/threading/worker.h Examining data/theli-3.0.3/src/threading/mainguiworker.cc Examining data/theli-3.0.3/src/threading/swarpworker.cc Examining data/theli-3.0.3/src/threading/abszpworker.cc Examining data/theli-3.0.3/src/threading/anetworker.h Examining data/theli-3.0.3/src/threading/sourceextractorworker.cc Examining data/theli-3.0.3/src/threading/anetworker.cc Examining data/theli-3.0.3/src/threading/abszpworker.h Examining data/theli-3.0.3/src/threading/swarpworker.h Examining data/theli-3.0.3/src/threading/colorpictureworker.h Examining data/theli-3.0.3/src/threading/sourceextractorworker.h Examining data/theli-3.0.3/src/threading/memoryworker.cc Examining data/theli-3.0.3/src/threading/scampworker.h Examining data/theli-3.0.3/src/threading/memoryworker.h Examining data/theli-3.0.3/src/taskinfrastructure.cc Examining data/theli-3.0.3/src/tools/cpu.cc Examining data/theli-3.0.3/src/tools/swarpfilter.h Examining data/theli-3.0.3/src/tools/polygon.cc Examining data/theli-3.0.3/src/tools/fitgauss1d.cc Examining data/theli-3.0.3/src/tools/imagequality.h Examining data/theli-3.0.3/src/tools/splitter_processingGeneric.cc Examining data/theli-3.0.3/src/tools/debayer.cc Examining data/theli-3.0.3/src/tools/polygon.h Examining data/theli-3.0.3/src/tools/cfitsioerrorcodes.cc Examining data/theli-3.0.3/src/tools/splitter_buildHeader.cc Examining data/theli-3.0.3/src/tools/splitter_queryHeaderLists.cc Examining data/theli-3.0.3/src/tools/cpu.h Examining data/theli-3.0.3/src/tools/imagequality.cc Examining data/theli-3.0.3/src/tools/splitter.h Examining data/theli-3.0.3/src/tools/tools.cc Examining data/theli-3.0.3/src/tools/correlator.h Examining data/theli-3.0.3/src/tools/cfitsioerrorcodes.h Examining data/theli-3.0.3/src/tools/fitting.h Examining data/theli-3.0.3/src/tools/swarpfilter.cc Examining data/theli-3.0.3/src/tools/detectedobject.h Examining data/theli-3.0.3/src/tools/ram.cc Examining data/theli-3.0.3/src/tools/ram.h Examining data/theli-3.0.3/src/tools/detectedobject.cc Examining data/theli-3.0.3/src/tools/splitter.cc Examining data/theli-3.0.3/src/tools/correlator.cc Examining data/theli-3.0.3/src/tools/fitgauss1d.h Examining data/theli-3.0.3/src/tools/fileprogresscounter.cc Examining data/theli-3.0.3/src/tools/fileprogresscounter.h Examining data/theli-3.0.3/src/tools/splitter_multiport.cc Examining data/theli-3.0.3/src/tools/splitter_processingSpecific.cc Examining data/theli-3.0.3/src/tools/xcorr.cc Examining data/theli-3.0.3/src/tools/fitting.cc Examining data/theli-3.0.3/src/tools/splitter_RAW.cc Examining data/theli-3.0.3/src/tools/tools.h Examining data/theli-3.0.3/src/readmes/imstatsreadme.h Examining data/theli-3.0.3/src/readmes/multidirreadme.cc Examining data/theli-3.0.3/src/readmes/multidirreadme.h Examining data/theli-3.0.3/src/readmes/acknowledging.cc Examining data/theli-3.0.3/src/readmes/scampreadme.h Examining data/theli-3.0.3/src/readmes/swarpreadme.h Examining data/theli-3.0.3/src/readmes/acknowledging.h Examining data/theli-3.0.3/src/readmes/imstatsreadme.cc Examining data/theli-3.0.3/src/readmes/swarpreadme.cc Examining data/theli-3.0.3/src/readmes/license.h Examining data/theli-3.0.3/src/readmes/license.cc Examining data/theli-3.0.3/src/readmes/scampreadme.cc Examining data/theli-3.0.3/src/myimage/weighting.cc Examining data/theli-3.0.3/src/myimage/background.cc Examining data/theli-3.0.3/src/myimage/skysub.cc Examining data/theli-3.0.3/src/myimage/writefits.cc Examining data/theli-3.0.3/src/myimage/fitsinterface.cc Examining data/theli-3.0.3/src/myimage/tifftools.cc Examining data/theli-3.0.3/src/myimage/myimage.cc Examining data/theli-3.0.3/src/myimage/astrometrynet.cc Examining data/theli-3.0.3/src/myimage/memoryoperations.cc Examining data/theli-3.0.3/src/myimage/myimage.h Examining data/theli-3.0.3/src/myimage/sourceextractor.cc Examining data/theli-3.0.3/src/myimage/segmentation.cc Examining data/theli-3.0.3/src/status.h Examining data/theli-3.0.3/src/status.cc Examining data/theli-3.0.3/src/instrumentdata.h Examining data/theli-3.0.3/src/abszp/absphot.cc Examining data/theli-3.0.3/src/abszp/abszeropoint.cc Examining data/theli-3.0.3/src/abszp/absphot.h Examining data/theli-3.0.3/src/abszp/abszeropoint.h Examining data/theli-3.0.3/src/validators.cc Examining data/theli-3.0.3/src/settings.cc Examining data/theli-3.0.3/src/processingStatus/processingStatus.h Examining data/theli-3.0.3/src/processingStatus/processingStatus.cc Examining data/theli-3.0.3/src/datadir.h Examining data/theli-3.0.3/src/preferences.cc Examining data/theli-3.0.3/src/mainwindow.cc Examining data/theli-3.0.3/src/instrumentdefinition.cc Examining data/theli-3.0.3/src/functions.cc Examining data/theli-3.0.3/src/functions.h Examining data/theli-3.0.3/src/iview/iview.h Examining data/theli-3.0.3/src/iview/wavelet/wavelet.h Examining data/theli-3.0.3/src/iview/mygraphicsscene.cc Examining data/theli-3.0.3/src/iview/mygraphicsview.h Examining data/theli-3.0.3/src/iview/events.cc Examining data/theli-3.0.3/src/iview/dockwidgets/ivconfdockwidget.cc Examining data/theli-3.0.3/src/iview/dockwidgets/ivcolordockwidget.h Examining data/theli-3.0.3/src/iview/dockwidgets/ivwcsdockwidget.cc Examining data/theli-3.0.3/src/iview/dockwidgets/ivwcsdockwidget.h Examining data/theli-3.0.3/src/iview/dockwidgets/ivcolordockwidget.cc Examining data/theli-3.0.3/src/iview/dockwidgets/ivscampdockwidget.cc Examining data/theli-3.0.3/src/iview/dockwidgets/ivconfdockwidget.h Examining data/theli-3.0.3/src/iview/dockwidgets/ivscampdockwidget.h Examining data/theli-3.0.3/src/iview/mygraphicsscene.h Examining data/theli-3.0.3/src/iview/constructors.cc Examining data/theli-3.0.3/src/iview/mygraphicsellipseitem.cc Examining data/theli-3.0.3/src/iview/iview.cc Examining data/theli-3.0.3/src/iview/actions.cc Examining data/theli-3.0.3/src/iview/mygraphicsview.cc Examining data/theli-3.0.3/src/iview/mygraphicsellipseitem.h Examining data/theli-3.0.3/src/qcustomplot.h Examining data/theli-3.0.3/src/qcustomplot.cpp FINAL RESULTS: data/theli-3.0.3/src/colorpicture/colorpicture.cc:437:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/colorpicture/subtaskColorcalib.cc:292:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !outcat_iview.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/dockwidgets/confdockwidget.cc:640:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( header.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/dockwidgets/confdockwidget.cc:1162:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!coeffsFile.exists() || !coeffsFile.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/dockwidgets/memoryviewer.cc:58:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QFile::ReadOnly); data/theli-3.0.3/src/functions.cc:61:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file->open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/functions.cc:1380:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/instrumentdefinition.cc:339:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (configfile.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/instrumentdefinition.cc:475:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( instrumentFile.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/iview/events.cc:616:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (skysamples.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/iview/iview.cc:764:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( catalog.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/iview/iview.cc:903:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/mainwindow.cc:572:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QFile::ReadOnly); data/theli-3.0.3/src/mainwindow.cc:925:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !instDataFile.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/myimage/astrometrynet.cc:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/theli-3.0.3/src/myimage/fitsinterface.cc:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filterchar[80]; data/theli-3.0.3/src/myimage/myimage.cc:326:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/myimage/myimage.cc:335:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/myimage/myimage.cc:412:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/myimage/myimage.cc:423:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/theli-3.0.3/src/myimage/myimage.cc:985:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zerohead[80] = {0}; data/theli-3.0.3/src/myimage/segmentation.cc:441:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xwinName[100] = "XWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:442:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ywinName[100] = "YWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:443:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alphaName[100] = "ALPHA_J2000"; data/theli-3.0.3/src/myimage/segmentation.cc:444:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deltaName[100] = "DELTA_J2000"; data/theli-3.0.3/src/myimage/segmentation.cc:445:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fwhmName[100] = "FWHM_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:446:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ellName[100] = "ELLIPTICITY"; data/theli-3.0.3/src/myimage/segmentation.cc:447:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magName[100] = "MAG_AUTO"; data/theli-3.0.3/src/myimage/segmentation.cc:448:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flagName[100] = "FLAGS"; data/theli-3.0.3/src/myimage/segmentation.cc:627:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/myimage/segmentation.cc:647:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x[100] = "X"; data/theli-3.0.3/src/myimage/segmentation.cc:648:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char y[100] = "Y"; data/theli-3.0.3/src/myimage/segmentation.cc:649:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mag[100] = "MAG"; data/theli-3.0.3/src/myimage/segmentation.cc:650:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype[3] = {x, y, mag}; data/theli-3.0.3/src/myimage/segmentation.cc:651:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf1[10] = "1D"; data/theli-3.0.3/src/myimage/segmentation.cc:652:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf2[10] = "1D"; data/theli-3.0.3/src/myimage/segmentation.cc:653:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf3[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:654:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[3] = {tf1, tf2, tf3}; data/theli-3.0.3/src/myimage/segmentation.cc:723:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100] = "Field Header Card"; data/theli-3.0.3/src/myimage/segmentation.cc:724:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype1[1] = {name}; data/theli-3.0.3/src/myimage/segmentation.cc:739:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf0[100]; data/theli-3.0.3/src/myimage/segmentation.cc:740:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tf0, "%ldA", headerLength); data/theli-3.0.3/src/myimage/segmentation.cc:741:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform1[1] = {tf0}; data/theli-3.0.3/src/myimage/segmentation.cc:742:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *headerstring[1]; data/theli-3.0.3/src/myimage/segmentation.cc:748:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xwin[100] = "XWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:749:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ywin[100] = "YWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:750:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char erra[100] = "ERRAWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:751:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errb[100] = "ERRBWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:752:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errt[100] = "ERRTHETAWIN_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:753:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flux[100] = "FLUX_AUTO"; data/theli-3.0.3/src/myimage/segmentation.cc:754:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fluxerr[100] = "FLUXERR_AUTO"; data/theli-3.0.3/src/myimage/segmentation.cc:755:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[100] = "FLAGS"; data/theli-3.0.3/src/myimage/segmentation.cc:756:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alpha[100] = "ALPHA_J2000"; data/theli-3.0.3/src/myimage/segmentation.cc:757:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delta[100] = "DELTA_J2000"; data/theli-3.0.3/src/myimage/segmentation.cc:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fwhm[100] = "FWHM_IMAGE"; data/theli-3.0.3/src/myimage/segmentation.cc:759:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mag[100] = "MAG_AUTO"; data/theli-3.0.3/src/myimage/segmentation.cc:760:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ell[100] = "ELLIPTICITY"; data/theli-3.0.3/src/myimage/segmentation.cc:761:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype2[13] = {xwin, ywin, erra, errb, errt, flux, fluxerr, flags, alpha, delta, fwhm, mag, ell}; data/theli-3.0.3/src/myimage/segmentation.cc:763:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf1[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:764:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf2[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:765:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf3[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:766:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf4[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf5[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:768:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf6[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:769:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf7[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:770:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf8[10] = "1I"; data/theli-3.0.3/src/myimage/segmentation.cc:771:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf9[10] = "1D"; data/theli-3.0.3/src/myimage/segmentation.cc:772:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf10[10] = "1D"; data/theli-3.0.3/src/myimage/segmentation.cc:773:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf11[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf12[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:775:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf13[10] = "1E"; data/theli-3.0.3/src/myimage/segmentation.cc:776:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform2[13] = {tf1, tf2, tf3, tf4, tf5, tf6, tf7, tf8, tf9, tf10, tf11, tf12, tf13}; data/theli-3.0.3/src/myimage/sourceextractor.cc:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tblname[100] = "LDAC_OBJECTS"; data/theli-3.0.3/src/myimage/sourceextractor.cc:137:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tblname[100] = "LDAC_OBJECTS"; data/theli-3.0.3/src/myimage/sourceextractor.cc:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fwhmName[100] = "FWHM_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ellName[100] = "ELLIPTICITY"; data/theli-3.0.3/src/myimage/sourceextractor.cc:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tblname[100] = "LDAC_OBJECTS"; data/theli-3.0.3/src/myimage/sourceextractor.cc:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xwinName[100] = "XWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ywinName[100] = "YWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char awinName[100] = "AWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bwinName[100] = "BWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char thetawinName[100] = "THETAWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:232:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/myimage/sourceextractor.cc:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x[100] = "X"; data/theli-3.0.3/src/myimage/sourceextractor.cc:283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char y[100] = "Y"; data/theli-3.0.3/src/myimage/sourceextractor.cc:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mag[100] = "MAG"; data/theli-3.0.3/src/myimage/sourceextractor.cc:285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype[3] = {x, y, mag}; data/theli-3.0.3/src/myimage/sourceextractor.cc:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf1[10] = "1D"; data/theli-3.0.3/src/myimage/sourceextractor.cc:287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf2[10] = "1D"; data/theli-3.0.3/src/myimage/sourceextractor.cc:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf3[10] = "1E"; data/theli-3.0.3/src/myimage/sourceextractor.cc:289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[3] = {tf1, tf2, tf3}; data/theli-3.0.3/src/myimage/sourceextractor.cc:300:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xName[100] = "XWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:301:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yName[100] = "YWIN_IMAGE"; data/theli-3.0.3/src/myimage/sourceextractor.cc:302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magName[100] = "MAG_AUTO"; data/theli-3.0.3/src/processingInternal/controller.cc:807:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !coeffsFile.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingAncillary.cc:206:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:180:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!MEF.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:223:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!MEF.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:308:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!MEF.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:321:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !HEAD.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:498:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !backendConfig.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:560:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !aheaderFile.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:757:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !catFile.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:814:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !aheadFile.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingAstrometry.cc:887:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:416:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !headerFileOld.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:425:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !headerFileNew.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:470:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!coaddHeadOld.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:529:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!coaddHeadNew.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:698:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:862:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:915:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!coaddHead.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:1127:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fileIn.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingInternal/processingCoadd.cc:1134:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fileOut.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingInternal/processingSplitter.cc:175:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filterChip1[80]; data/theli-3.0.3/src/processingInternal/processingSplitter.cc:176:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dateObsChip1[80]; data/theli-3.0.3/src/processingInternal/processingSplitter.cc:340:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !altInstDataFile.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/processingStatus/processingStatus.cc:46:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/processingStatus/processingStatus.cc:74:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/qcustomplot.cpp:19881:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pixels.at(y), pixels.first(), n*sizeof(QRgb)); data/theli-3.0.3/src/qcustomplot.cpp:25108:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mData, other.mData, sizeof(mData[0])*keySize*valueSize); data/theli-3.0.3/src/qcustomplot.cpp:25110:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mAlpha, other.mAlpha, sizeof(mAlpha[0])*keySize*valueSize); data/theli-3.0.3/src/qcustomplot.cpp:26214:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(0), data/theli-3.0.3/src/qcustomplot.cpp:26224:55: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QCPFinancialData::QCPFinancialData(double key, double open, double high, double low, double close) : data/theli-3.0.3/src/qcustomplot.cpp:26226:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(open), data/theli-3.0.3/src/qcustomplot.cpp:26226:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(open), data/theli-3.0.3/src/qcustomplot.cpp:26357:80: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QCPFinancial::setData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted) data/theli-3.0.3/src/qcustomplot.cpp:26360:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). addData(keys, open, high, low, close, alreadySorted); data/theli-3.0.3/src/qcustomplot.cpp:26478:80: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QCPFinancial::addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted) data/theli-3.0.3/src/qcustomplot.cpp:26480:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size()) data/theli-3.0.3/src/qcustomplot.cpp:26480:37: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size()) data/theli-3.0.3/src/qcustomplot.cpp:26481:103: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). qDebug() << Q_FUNC_INFO << "keys, open, high, low, close have different sizes:" << keys.size() << open.size() << high.size() << low.size() << close.size(); data/theli-3.0.3/src/qcustomplot.cpp:26482:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int n = qMin(keys.size(), qMin(open.size(), qMin(high.size(), qMin(low.size(), close.size())))); data/theli-3.0.3/src/qcustomplot.cpp:26490:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). it->open = open[i]; data/theli-3.0.3/src/qcustomplot.cpp:26510:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QCPFinancial::addData(double key, double open, double high, double low, double close) data/theli-3.0.3/src/qcustomplot.cpp:26512:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mDataContainer->add(QCPFinancialData(key, open, high, low, close)); data/theli-3.0.3/src/qcustomplot.cpp:26767:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative); data/theli-3.0.3/src/qcustomplot.cpp:26771:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double openPixel = valueAxis->coordToPixel(it->open); data/theli-3.0.3/src/qcustomplot.cpp:26788:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative); data/theli-3.0.3/src/qcustomplot.cpp:26792:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double openPixel = valueAxis->coordToPixel(it->open); data/theli-3.0.3/src/qcustomplot.cpp:26827:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative); data/theli-3.0.3/src/qcustomplot.cpp:26828:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->setBrush(it->close >= it->open ? mBrushPositive : mBrushNegative); data/theli-3.0.3/src/qcustomplot.cpp:26835:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double openPixel = valueAxis->coordToPixel(it->open); data/theli-3.0.3/src/qcustomplot.cpp:26838:130: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->drawLine(QPointF(keyPixel, valueAxis->coordToPixel(it->high)), QPointF(keyPixel, valueAxis->coordToPixel(qMax(it->open, it->close)))); data/theli-3.0.3/src/qcustomplot.cpp:26840:129: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->drawLine(QPointF(keyPixel, valueAxis->coordToPixel(it->low)), QPointF(keyPixel, valueAxis->coordToPixel(qMin(it->open, it->close)))); data/theli-3.0.3/src/qcustomplot.cpp:26855:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative); data/theli-3.0.3/src/qcustomplot.cpp:26856:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->setBrush(it->close >= it->open ? mBrushPositive : mBrushNegative); data/theli-3.0.3/src/qcustomplot.cpp:26863:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double openPixel = valueAxis->coordToPixel(it->open); data/theli-3.0.3/src/qcustomplot.cpp:26866:120: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->drawLine(QPointF(valueAxis->coordToPixel(it->high), keyPixel), QPointF(valueAxis->coordToPixel(qMax(it->open, it->close)), keyPixel)); data/theli-3.0.3/src/qcustomplot.cpp:26868:119: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). painter->drawLine(QPointF(valueAxis->coordToPixel(it->low), keyPixel), QPointF(valueAxis->coordToPixel(qMin(it->open, it->close)), keyPixel)); data/theli-3.0.3/src/qcustomplot.cpp:26993:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QCPRange boxValueRange(it->close, it->open); data/theli-3.0.3/src/qcustomplot.cpp:27003:186: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double highLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(keyPixel, valueAxis->coordToPixel(it->high)), QCPVector2D(keyPixel, valueAxis->coordToPixel(qMax(it->open, it->close)))); data/theli-3.0.3/src/qcustomplot.cpp:27004:184: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double lowLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(keyPixel, valueAxis->coordToPixel(it->low)), QCPVector2D(keyPixel, valueAxis->coordToPixel(qMin(it->open, it->close)))); data/theli-3.0.3/src/qcustomplot.cpp:27020:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QCPRange boxValueRange(it->close, it->open); data/theli-3.0.3/src/qcustomplot.cpp:27030:176: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double highLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(valueAxis->coordToPixel(it->high), keyPixel), QCPVector2D(valueAxis->coordToPixel(qMax(it->open, it->close)), keyPixel)); data/theli-3.0.3/src/qcustomplot.cpp:27031:174: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double lowLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(valueAxis->coordToPixel(it->low), keyPixel), QCPVector2D(valueAxis->coordToPixel(qMin(it->open, it->close)), keyPixel)); data/theli-3.0.3/src/qcustomplot.h:5831:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QCPFinancialData(double key, double open, double high, double low, double close); data/theli-3.0.3/src/qcustomplot.h:5838:44: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inline double mainValue() const { return open; } data/theli-3.0.3/src/qcustomplot.h:5842:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double key, open, high, low, close; data/theli-3.0.3/src/qcustomplot.h:5910:68: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void setData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted=false); data/theli-3.0.3/src/qcustomplot.h:5921:68: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted=false); data/theli-3.0.3/src/qcustomplot.h:5922:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void addData(double key, double open, double high, double low, double close); data/theli-3.0.3/src/query/query.cc:549:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !outcat_iview.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/query/query.cc:606:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !outcat_iview.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/query/query.cc:693:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !outcat_iview.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/query/query.cc:742:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !outcat_iview.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/query/query.cc:1155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xworld[100] = "X_WORLD"; data/theli-3.0.3/src/query/query.cc:1156:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yworld[100] = "Y_WORLD"; data/theli-3.0.3/src/query/query.cc:1157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mag[100] = "MAG"; data/theli-3.0.3/src/query/query.cc:1158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magerr[100] = "MAGERR"; data/theli-3.0.3/src/query/query.cc:1159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char erra[100] = "ERRA_WORLD"; data/theli-3.0.3/src/query/query.cc:1160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errb[100] = "ERRB_WORLD"; data/theli-3.0.3/src/query/query.cc:1161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errt[100] = "ERRTHETA_WORLD"; // scamp does not complain if this key is absent data/theli-3.0.3/src/query/query.cc:1162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[100] = "FLAGS"; data/theli-3.0.3/src/query/query.cc:1163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obsdate[100] = "OBSDATE"; data/theli-3.0.3/src/query/query.cc:1165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype[9] = {xworld, yworld, mag, magerr, erra, errb, errt, flags, obsdate}; data/theli-3.0.3/src/query/query.cc:1167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf1[10] = "1D"; data/theli-3.0.3/src/query/query.cc:1168:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf2[10] = "1D"; data/theli-3.0.3/src/query/query.cc:1169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf3[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf4[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf5[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf6[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf7[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf8[10] = "1I"; data/theli-3.0.3/src/query/query.cc:1175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf9[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[9] = {tf1, tf2, tf3, tf4, tf5, tf6, tf7, tf8, tf9}; data/theli-3.0.3/src/query/query.cc:1247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xworld[100] = "RA"; data/theli-3.0.3/src/query/query.cc:1248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yworld[100] = "DEC"; data/theli-3.0.3/src/query/query.cc:1249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mag[100] = "MAG"; data/theli-3.0.3/src/query/query.cc:1250:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype[3] = {xworld, yworld, mag}; data/theli-3.0.3/src/query/query.cc:1251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf1[10] = "1D"; data/theli-3.0.3/src/query/query.cc:1252:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf2[10] = "1D"; data/theli-3.0.3/src/query/query.cc:1253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf3[10] = "1E"; data/theli-3.0.3/src/query/query.cc:1254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[3] = {tf1, tf2, tf3}; data/theli-3.0.3/src/query/query.cc:1340:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !outcat_iview.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/query/query.cc:1367:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !file.open(QIODevice::WriteOnly)) { data/theli-3.0.3/src/taskinfrastructure.cc:852:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/taskinfrastructure.cc:1016:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filter[80]; data/theli-3.0.3/src/tools/cpu.cc:44:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/tools/polygon.cc:225:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/tools/polygon.cc:275:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/tools/ram.cc:44:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/tools/swarpfilter.cc:148:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!coaddHead.open(QIODevice::ReadOnly)) { data/theli-3.0.3/src/myimage/myimage.cc:451:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long dim = strlen(fullheader); data/theli-3.0.3/src/myimage/segmentation.cc:738:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long headerLength = strlen(fullheader); ANALYSIS SUMMARY: Hits = 205 Lines analyzed = 91400 in approximately 2.43 seconds (37671 lines/second) Physical Source Lines of Code (SLOC) = 57840 Hits@level = [0] 0 [1] 2 [2] 203 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 205 [1+] 205 [2+] 203 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.54426 [1+] 3.54426 [2+] 3.50968 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.