Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Arrow.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Arrow.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ArrowP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Board.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Board.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/BoardP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Button.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Button.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ButtonP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Common.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Common.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/CommonP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Container.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Converters.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/DrawIString.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/DrawString.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/DrawingArea.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/DrawingArea.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/DrawingAreaP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Frame.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Frame.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/FrameP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gcs.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gcs.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Group.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Group.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GroupP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCnv.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermDebug.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMapping.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermUtil.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Icon.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Icon.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/IconP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Label.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Label.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/LabelP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Layout.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Layout.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/LayoutP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTreeP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MenuBar.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MenuBar.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MenuBarP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiListP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/RadioGrp.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/RadioGrp.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/RadioGrpP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/RowCol.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/RowCol.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/RowColP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Scrollbar.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Scrollbar.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ScrollbarP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Separator.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Slider2.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Slider2.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Slider2P.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/TabString.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tablist2Tabs.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tabs.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tabs.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/TabsP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/TextWidth.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Toggle.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Toggle.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ToggleP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/3d.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/Container.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/ContainerP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/Frame.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/Scrollbar.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/Separator.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/SeparatorP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/Simple.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/SimpleP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/XrawInit.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Xraw/color.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/color.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/cvtLong.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/done.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/iconutil.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/scroll.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/scroll.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/strnchr.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermImaging.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/client.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/AllWidgets.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/AllWidgets.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/obmres.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/param.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/obmsh/obmsh.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/version.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/VTPrsTbl.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/VTparse.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/cursor.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/data.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/data.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/error.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/input.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/menu.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/menu.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx_new.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/screen.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/scrollbar.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/tabs.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xgterm/util.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/clients/wcspix/wcspix.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo/mkhdr.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/tiffio.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/util.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/zscale.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/XTapemon.ad.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/appres.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/classnames.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/classnames.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/patchlevel.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/types.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/types.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.h
Examining data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/zzdebug.c

FINAL RESULTS:

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2068:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(device, uid, gid) < 0) {
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2075:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(device, mode);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4234:4:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown (ttydev, screen->uid, ttygrp->gr_gid);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4235:4:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (ttydev, 0620);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4239:4:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown (ttydev, screen->uid, screen->gid);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4240:4:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (ttydev, 0622);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4246:3:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown (ttydev, screen->uid, screen->gid);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4249:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (ttydev, 0622);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5061:3:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown (ttydev, 0, 0);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5063:3:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown (ptydev, 0, 0);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5067:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (ttydev, 0666);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5069:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (ptydev, 0666);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:375:20:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  (void) strncat (pfile, temp, SZ_V1PIXFILE);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:148:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (obm->debug_objs, s);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:311:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (defaultUI, "%s %s %s {%s.objects: %s%s%s%s%s}; %s; %s\n",
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:434:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (app_name, obm->appname);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:436:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (app_class, obm->appclass);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:732:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (newobj->core.name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:932:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (obj->core.geometry, s);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c:722:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(global_cmapname,++p);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c:725:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(w->gterm.cmapName,global_cmapname);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c:741:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(property, "GT_%s", w->gterm.cmapName);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:56:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (property, "GT_%s", w->gterm.cmapName);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:544:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (global_cmapname, XtNcmapName);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:600:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(global_cmapname, s);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:611:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(w->gterm.cmapName, global_cmapname);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1325:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (gm->text, (char *)value);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1394:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmText);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1397:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmLine);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1400:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmPolyline);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1403:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmRectangle);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1406:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmBox);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1409:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmCircle);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1412:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmEllipse);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1415:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, GmPolygon);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1581:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)value, gm->text);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:3002:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (gm->text, w->gterm.gm_TextString);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Layout.c:504:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf (buf, "Layout: undefined variable %s\n",
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1810:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copy, string);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1834:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copy, string);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2251:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, ret->path[0]->text);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2255:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, ret->path[count]->text);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2267:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmppath,"/%s%s",item->text,dir);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2268:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dir,tmppath);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:90:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define StrCopy(s) strcpy(TypeAlloc(char,strlen(s)+1),s)
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:91:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define StrCopyRetLength(s,lp) strcpy(TypeAlloc(char,(*lp=(strlen(s)+1))),s)
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:1473:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer,string);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Scrollbar.c:381:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(s, "Cannot add children to a scrollbar (\"%s\"->\"%s\")",
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1006:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (patstr, pattern);
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:172:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, wn->label);
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:192:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, showvar ? (*wn)->label : XmuWnClassname(*wn),
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:197:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, "----", "----", "----", "----");
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:204:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, showvar ? (*wn)->label : XmuWnClassname(*wn),
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:228:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, showvar ? "Variable" : "WidgetClass",
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:231:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, showvar ? "--------" : "-----------",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:585:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message_data, "%s %s %s %s",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:759:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "{%s %s %s}",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:792:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params[j+2], fields[1]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1655:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.5f %0.5f %0.5f %0.5f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1658:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.2f %0.2f %0.2f %0.2f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1666:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.5f %0.5f %0.5f %0.5f", GmLine, src,
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1669:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.2f %0.2f %0.2f %0.2f", GmLine, src,
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1676:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %d ", GmPolyline, src, npts);
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1683:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.5f %0.5f %0.5f %0.5f %0.5f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1686:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.2f %0.2f %0.2f %0.2f %0.4f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1694:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.5f %0.5f %0.5f %0.5f %0.5f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1697:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.2f %0.2f %0.2f %0.2f %0.4f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1705:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.5f %0.5f %0.5f", GmCircle, src,
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1708:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.2f %0.2f %0.2f", GmCircle, src,
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1716:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.5f %0.5f %0.5f %0.5f %0.5f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1719:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %0.2f %0.2f %0.2f %0.2f %0.4f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1726:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "%s %d %d ", GmPolygon, src, npts);
data/x11iraf-2.0+2020.06.15+dfsg/obm/param.c:359:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new_cb->name, argv[1]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:337:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (obm->appname, appname = argv[1]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:338:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (obm->appclass, appclass = argv[2]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1105:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cb->userproc, userproc);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1107:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cb->client_data, client_data);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1232:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cb->userproc, userproc);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1234:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cb->client_data, client_data);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1390:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lp->name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1512:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lp->name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1703:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lp->name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2002:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lp->name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2178:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ip->label, Tcl_GetStringResult (tcl));
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2297:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (newobj->name, menu_name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2517:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s: notify()", ip->accelerator);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2571:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (old->label, new->label);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2583:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (old->data, new->data);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2598:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s = old->background, new->background);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2625:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s = old->foreground, new->foreground);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2650:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s: notify()", new->accelerator);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2658:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (old->accelerator, new->accelerator);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2870:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new->name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2871:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new->child, child);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:3034:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (target, "*%s", mw->child);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:574:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (obj->widget.translation_table_name, name);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:827:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text_translations, "<Key>Return: do_text(0x%lx, %s) ",
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:912:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "{%s}", string);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:926:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (message, grip->params[i]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:935:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "{%s} %d", list->string, list->list_index);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:996:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "%s", state ? TRUESTR : FALSESTR);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1007:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "%s", state ?
TRUESTR : FALSESTR); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1065:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (op, "\"%s\"", label); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1078:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (op, "\"%s\"", label); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1109:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "{%s %d} ", data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1115:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1116:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1119:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1120:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1148:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "{%s %d} ", ret->item->text, ret->item->open); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1152:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1153:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1156:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1157:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1483:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "{%s}", s); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2105:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result, value ? TRUESTR : FALSESTR); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2159:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result, name); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2971:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "bad item '%s' in tree list", item); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3052:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (message, "{%s 1} { }", data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3066:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "{%s 0} { }", data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3094:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "{%s %d} ", item->text, item->open); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3097:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3098:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3101:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3102:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3186:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "{%s %d} ", item->text, item->open); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3189:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3190:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3193:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "{ %s } ", item->text); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3194:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (message, buf); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4651:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new_cb->name, argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:5000:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (name, str); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:5015:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s%d", name, val); data/x11iraf-2.0+2020.06.15+dfsg/obmsh/obmsh.c:70:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (fname=argv[1],0) != 0) { data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2913:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, term->misc.input_method); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2923:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, s); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2951:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, term->misc.preedit_type); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3370:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, errfmt, ProgramName, "missing number", s, i); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3382:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, errfmt, ProgramName, "too many numbers", data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3400:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, errfmt, ProgramName, "bad value number", data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3403:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, errfmt, ProgramName, "bad range", s, i); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3412:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf (stderr, errfmt, ProgramName, "bad character", s, i); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3426:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, errfmt, ProgramName, "bad value number", s, i); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3428:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, errfmt, ProgramName, "bad range", s, i); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3457:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf( mapName, "%sKeymap", params[0] ); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3458:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy( mapClass, mapName ); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3665:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmpname, nfontname); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:456:19: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). extern char *mktemp(); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:465:19: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). if ((fname = mktemp (buf))) { data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:830:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (rp->strval, strval); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1407:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (txtbuf, "setValue {%s}\0", tx_buf); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1047:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ttydev, TTYDEV); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1048:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ptydev, PTYDEV); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1274:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. !access("/dev/console", R_OK|W_OK)) data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1625:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1639:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, ptsname(*pty)); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1649:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ttydev, ttyname(*pty)); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1659:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptydev, pty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1660:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, pty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1677:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, tty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1697:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1769:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ttydev, tty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1778:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, ptsname(*pty)); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1789:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ttydev, ttyname(*pty)); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1801:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ttydev, tty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1811:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptydev, pty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1812:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, pty_name); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2014:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2097:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(environ[envindex], var); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2098:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(environ[envindex], value); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2105:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void) strcpy(environ[envindex], var); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2106:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(environ[envindex], value); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2169:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(my_pty_id(device), id); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2171:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(leaf, id); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2674:17: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead. qsetlogin(getlogin(), ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2714:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2738:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ttydev, handshake.buffer); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2751:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(ttydev, ptr); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3196:22: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead. if (((login_name = getlogin()) != NULL data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3408:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3439:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3487:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(termcap, newtc); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3515:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(newtc + len, ":%s=\\%03o:", data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3552:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(*command_to_exec_with_luit, command_to_exec_with_luit); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3561:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(*command_to_exec, command_to_exec); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3563:7: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(ptr, shname, "-c", command_to_exec[0], (void *) 0); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3576:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(shname_minus, shname); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3585:3: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(bin_login, "login", "-p", "-f", login_name, (void *) 0); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3587:6: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(ptr, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3646:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void) strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4189:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4210:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, handshake.buffer); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4220:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(ttydev, ptr); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4664:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4687:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4733:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (termcap, newtc); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4767:4: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execvp(*command_to_exec, command_to_exec); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4808:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(shname_minus, shname); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4817:5: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl (bin_login, "login", "-p", "-f", pw->pw_name, 0); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4819:3: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp (ptr, (term->misc.login_shell ? shname_minus : shname), data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4873:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(handshake.buffer, ttydev); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4893:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttydev, handshake.buffer); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5116:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (newtc, ptr2); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:535:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(screen->logfile, log_default); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:575:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(shell, cp); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:581:4: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(shell, shell, "-c", &screen->logfile[1], 0); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:595:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(screen->logfile, F_OK) != 0) { data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:603:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(screen->logfile, F_OK) != 0 data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:604:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
  || access(screen->logfile, W_OK) != 0)
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:716:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cp, buf);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:833:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpName,pOld->names[TEXT_BG]);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:883:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newName,name);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:952:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, s, a);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1026:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (environ [envindex], var);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1027:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (environ [envindex], value);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1038:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy (environ [envindex], var);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1039:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (environ [envindex], value);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/clients/wcspix/wcspix.h:19:52:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define WP_WCS Memi[$1+4] # WCS system string
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/clients/wcspix/wcspix.h:79:28:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define PAR_WCS 3 # WCS system
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/clients/wcspix/wcspix.h:90:49:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define DEF_SYSTEM SYS_LOGICAL # default coord system
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:441:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (psim->cmap.cmap_name, cmap_name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1910:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, pw->pw_name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1913:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "NOAO/IRAF %s@%s %s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:232:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (line, error);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:237:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (line, "%-16.16s %3d (%2d extns) %s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:240:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (line, "%-16.16s %3d %5dx%-5d %s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:555:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(error, "Keyword %s not found in FITS file", name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:260:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (line, "%-16.16s 8 %5dx%-5d GIF%s Image (%d colors)",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:342:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (path, xim->unixaddr, getuid());
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:350:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sockaddr.sun_path, path);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:829:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (wcs, "%s\n%f %f %f %f %f %f %f %f %d\n",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:832:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mapping, "%s %f %f %d %d %d %d %d %d\n%s\n",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:836:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (text=emsg, wcs);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:837:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (text, mapping);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:899:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chan->rf_p->ctran.format, W_DEFFORMAT);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1266:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (curval, "%10.3f %10.3f %d %s %s\n",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1390:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, ct->format, wx + 0.005, wy + 0.005, wz, ch);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1452:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (df_p->label, "[%d] %s", df_p->frameno, df_p->ctran.imtitle);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1522:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ct->format, format);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1576:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, wcsbuf);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1588:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf (&buf[i], "%s%f%f%d%d%d%d%d%d\n%s\n",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1610:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "cache %s %d", mp->ref, mp->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1616:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "cache %s %d %d", mp->ref, fr->frameno, mp->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:141:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pixfile_v1, R_OK) != 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:190:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pixfile_v2, R_OK) != 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:327:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (line, "%-16.16s %3d %5dx%-5d %s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:381:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy (pfile, ++ip);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:118:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (path, dev, getuid());
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:120:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (path, xim->ism_addr, getuid());
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:142:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (path, "wcspix_cmd {%s}", DEF_ISM_CMD);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:317:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chan->msgbuf, text);
data/x11iraf-2.0+2020.06.15+d fsg/ximtool/ism.c:333:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (text, "connect %s", name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:339:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
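The (format) hits above all pass a runtime string as the printf format: iis.c:342 sprintf (path, xim->unixaddr, getuid()), ism.c:118/120, ism.c:339, misc.c:952 fprintf(stderr, s, a), print.c:91 and save.c:95. Where the string is a compile-time constant, as the name DEF_ISM_TEMPLATE suggests, the hit is noise; where it is a field filled from configuration (a socket-path or output-file template), a %s or %n in it reads or writes memory through whatever the vararg slots happen to hold. The function below is an added example, not x11iraf code: it expands a %d-style template by hand, honouring exactly as many integer conversions as values were supplied and rejecting everything else, so the template never reaches printf at all. The names expand_uid_template, expand_uid_path and expands_to, and the sample templates, are illustrative.

```c
/* Added example (not x11iraf code): expand a "%d"-style path template, such
 * as one read into xim->unixaddr, without using it as a printf format.
 * Function names and sample templates are illustrative. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Expand 'tmpl' into 'out'.  Each "%d" or "%u" consumes the next entry of
 * args[]; "%%" emits a literal '%'.  Returns 0 on success, -1 if the template
 * contains any other conversion, the wrong number of conversions, or more
 * text than 'outsz' holds.  On -1 the contents of 'out' are unspecified. */
int expand_uid_template(const char *tmpl, const unsigned long *args,
                        size_t nargs, char *out, size_t outsz)
{
    size_t o = 0, used = 0;

    if (tmpl == NULL || out == NULL || outsz == 0)
        return -1;

    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%') {
            if (o + 1 >= outsz)            /* leave room for the NUL */
                return -1;
            out[o++] = *p;
            continue;
        }
        p++;                                /* the conversion character */
        if (*p == '%') {
            if (o + 1 >= outsz)
                return -1;
            out[o++] = '%';
        } else if (*p == 'd' || *p == 'u') {
            if (used >= nargs)              /* more conversions than values */
                return -1;
            int n = snprintf(out + o, outsz - o, "%lu", args[used++]);
            if (n < 0 || (size_t)n >= outsz - o)
                return -1;                  /* would not fit */
            o += (size_t)n;
        } else {
            return -1;                      /* %s, %n, %x, a trailing '%' ... */
        }
    }
    if (used != nargs)                      /* fewer conversions than values */
        return -1;
    out[o] = '\0';
    return 0;
}

/* The single-value case, standing in for sprintf(path, tmpl, getuid()). */
int expand_uid_path(const char *tmpl, unsigned long uid, char *out, size_t outsz)
{
    return expand_uid_template(tmpl, &uid, 1, out, outsz);
}

/* Expand and compare: 1 if 'tmpl' with 'args' yields exactly 'expected'. */
int expands_to(const char *tmpl, const unsigned long *args, size_t nargs,
               const char *expected)
{
    char buf[128];
    return expand_uid_template(tmpl, args, nargs, buf, sizeof buf) == 0
        && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed templates: the first two are benign, the rest hostile. */
    const char *samples[] = { "/tmp/.IMT%d", "/tmp/.ISM%d_%d", "/tmp/.IMT%s",
                              "/tmp/.IMT%n", "/tmp/.IMT%d%d", "/tmp/.IMT%" };
    unsigned long vals[] = { 1000, 7 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char path[64];
        size_t n = (i == 1) ? 2 : 1;
        int rc = expand_uid_template(samples[i], vals, n, path, sizeof path);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

The check is deliberately stricter than printf: a template with too few conversions is rejected too, since a value that silently disappears from a socket path is usually a configuration mistake worth surfacing.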
  sprintf (path, DEF_ISM_TEMPLATE, getuid(), new_chan->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:365:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chan->name, name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:368:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "connect %s", path);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:552:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s\0", command);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:589:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sockaddr.sun_path, path);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:643:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (objects, name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:52:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "cache %s %d", mp->ref, mp->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:58:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "cache %s %d %d", mp->ref, fr->frameno, mp->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:137:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
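The (buffer) hits above share one shape: a fixed-size destination and a copy or format whose length is set by the source. Three recur: strcpy then strcat into environ[envindex] (misc.c:1026-1039), sscanf (text, "connect %s", name) with no width (ism.c:333, and the %s fields at iis.c:1588), and sprintf (buf, "cache %s %d", mp->ref, mp->id) into a local buffer (iis.c:1610, load.c:377, ism_wcspix.c:52). Note that the \0 inside "%s\0" (ism.c:552, load.c:72-74, 139, 201) ends the string literal, so those formats are plain "%s" and add no bound. Below is an added example, not x11iraf code, of the bounded forms: size the allocation from the inputs, tie the sscanf width to the destination with a stringized constant, and treat snprintf truncation of a protocol message as an error instead of sending the cut-down message. ISM_NAME_MAX, the function names and the sample inputs are assumptions.

```c
/* Added example (not x11iraf code): bounded replacements for the
 * strcpy/strcat, sscanf("%s") and sprintf patterns flagged above.
 * ISM_NAME_MAX and the function names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ISM_NAME_MAX 63              /* longest client name accepted (assumed) */
#define STR_(x) #x
#define STR(x) STR_(x)               /* STR(ISM_NAME_MAX) is the literal "63" */

/* misc.c:1026-1027 shape: strcpy(var) then strcat(value) into a buffer whose
 * size was guessed elsewhere.  Here the allocation is computed from the inputs
 * and the write is bounded by it.  Returns a malloc'd "VAR=value" or NULL. */
char *make_env_entry(const char *var, const char *value)
{
    size_t need = strlen(var) + 1 + strlen(value) + 1;    /* '=' and NUL */
    char *entry = malloc(need);
    if (entry == NULL)
        return NULL;
    int n = snprintf(entry, need, "%s=%s", var, value);
    if (n < 0 || (size_t)n >= need) {        /* defensive: 'need' is exact */
        free(entry);
        return NULL;
    }
    return entry;
}

/* ism.c:333 shape: sscanf(text, "connect %s", name).  The width is derived
 * from the destination size, and the trailing " %c" turns an overlong or
 * multi-word name into a parse failure instead of a silent cut.
 * Returns 1 on success, 0 otherwise. */
int parse_connect(const char *text, char name[ISM_NAME_MAX + 1])
{
    char extra;
    int n = sscanf(text, "connect %" STR(ISM_NAME_MAX) "s %c", name, &extra);
    return n == 1;
}

/* load.c:377 shape: sprintf(buf, "cache %s %d", ref, id) into a fixed buffer.
 * A truncated "cache <ref> <id>" still parses on the other side, with a
 * different ref, so truncation is treated as an error and the buffer is
 * emptied.  Returns the length written, or -1. */
int format_cache_msg(char *buf, size_t bufsz, const char *ref, int id)
{
    int n = snprintf(buf, bufsz, "cache %s %d", ref, id);
    if (n < 0 || (size_t)n >= bufsz) {
        if (bufsz > 0)
            buf[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char name[ISM_NAME_MAX + 1], msg[32];
    /* Constructed inputs: one well-formed line, one 200-character name. */
    char overlong[256] = "connect ";
    memset(overlong + 8, 'a', 200);
    overlong[208] = '\0';

    char *env = make_env_entry("TERM", "xgterm");
    printf("env entry: %s\n", env ? env : "(alloc failed)");
    free(env);
    printf("connect wcspix -> %d (%s)\n", parse_connect("connect wcspix", name), name);
    printf("200-char name  -> %d\n", parse_connect(overlong, name));
    printf("cache msg, 32-byte buf -> %d\n", format_cache_msg(msg, sizeof msg, "frame1", 3));
    printf("cache msg, 8-byte buf  -> %d\n", format_cache_msg(msg, 8, "frame1", 3));
    return 0;
}
```

The stringizing macro is the only portable way to put a buffer-derived width into a scanf format; if ISM_NAME_MAX changes, the width follows it, which is the property strncpy-style fixes tend to lose.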
  sprintf (msgbuf, "setValue { deliver wcspix { %s } }", message);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:60:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (flp->homedir, getenv("HOME"));
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:62:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (flp->curdir, flp->homedir);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:72:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "curdir %s\0", flp->curdir);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:74:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "pattern %s\0", flp->pattern);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:138:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(fname, R_OK) != 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:139:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "warning %s\0", "Error: File not found.");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:201:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "warning %s\0", "Error: Unknown raster file type.");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:346:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mp->region, "%s", "image");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:348:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mp->ref, "%s/%s", buf, fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:350:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mp->ref, "%s", fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:372:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fr->ctran.imtitle, mapname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:373:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mp->ctran.imtitle, mapname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:377:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "cache %s %d", mp->ref, mp->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:383:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "cache %s %d %d", mp->ref, fr->frameno, mp->id);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:639:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy (filelist[*number_entries], entry->d_name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:901:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "status {%s}", message);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:56:8:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  char *mktemp();
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:91:10:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (fname, pcp->printFile, pcp->seqno++);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:93:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, pcp->printFile);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:95:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (fname, F_OK) < 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:104:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Wrote %d bytes to '%s'",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:109:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Could not open file %s", fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:136:7:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  if (mktemp(tmpfile) == (char *)NULL)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:140:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Cannot open temporary file:\n%s", tmpfile);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:150:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "%s\n%s\n%s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:154:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ok_action, "print rename %s %s", tmpfile, fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:155:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cancel_action, "print cancel %s", tmpfile);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:163:10:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  if (mktemp(tmpfile) == (char *)NULL)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:173:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "cat %s | %s", tmpfile, pcp->printCmd);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:174:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (text); /* dispose to printer */
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:202:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Could not write file %s", new);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:205:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Wrote %d bytes to %s", fs.st_size, new);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:256:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
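print.c:173-174 builds cat <tmpfile> | <printCmd> and hands it to system(), so /bin/sh parses both the temporary file name and the configured print command, with every shell metacharacter in either one honoured. The example below is added here and is not x11iraf code: it splits the configured command on whitespace only, starts it with execvp, and feeds the spool data through a descriptor on stdin, so there is no shell in the path and no file name on a command line. split_command, run_print_command, pipe_through and MAX_ARGS are illustrative names, and the spool payload is constructed.

```c
/* Added example (not x11iraf code): run a configured print command on a
 * spool file without a shell, replacing the "cat %s | %s" + system() pair.
 * MAX_ARGS and the function names are illustrative. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_ARGS 32

/* Split 'cmd' on blanks and tabs into a NULL-terminated argv.  Only
 * whitespace separates words: ';', '|', '`' and '$' are ordinary characters,
 * so an odd printCmd fails to exec instead of running something else.
 * Tokens point into 'scratch'.  Returns argc, or -1 if empty or too long. */
int split_command(const char *cmd, char *scratch, size_t scratchsz,
                  char *argv[MAX_ARGS + 1])
{
    int len = snprintf(scratch, scratchsz, "%s", cmd);
    if (len < 0 || (size_t)len >= scratchsz)
        return -1;
    int argc = 0;
    char *save = NULL;
    for (char *tok = strtok_r(scratch, " \t", &save); tok != NULL;
         tok = strtok_r(NULL, " \t", &save)) {
        if (argc == MAX_ARGS)
            return -1;
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    return argc > 0 ? argc : -1;
}

/* Start 'print_cmd' with 'in_fd' on its stdin and 'out_fd' on its stdout and
 * wait for it.  Returns the child's exit status, or -1 if it could not run. */
int run_print_command(const char *print_cmd, int in_fd, int out_fd)
{
    char scratch[1024];
    char *argv[MAX_ARGS + 1];
    if (split_command(print_cmd, scratch, sizeof scratch, argv) < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                                   /* child */
        if (dup2(in_fd, STDIN_FILENO) < 0 || dup2(out_fd, STDOUT_FILENO) < 0)
            _exit(127);
        execvp(argv[0], argv);                        /* PATH lookup, no shell */
        _exit(127);                                   /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Feed a constructed spool buffer to 'cmd' through a pipe and collect what it
 * writes.  Returns the number of bytes collected, or -1 on any failure. */
int pipe_through(const char *cmd, const char *data, char *out, size_t outsz)
{
    int in[2], res[2];
    if (pipe(in) < 0 || pipe(res) < 0)
        return -1;
    size_t len = strlen(data);                        /* small: fits the pipe */
    if (write(in[1], data, len) != (ssize_t)len)
        return -1;
    close(in[1]);                                     /* child sees EOF */
    int rc = run_print_command(cmd, in[0], res[1]);
    close(in[0]);
    close(res[1]);
    ssize_t n = (rc == 0) ? read(res[0], out, outsz - 1) : -1;
    close(res[0]);
    if (n < 0)
        return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[128];
    int n = pipe_through("cat", "%!PS-Adobe-2.0\n%%Title: frame 1\n", out, sizeof out);
    printf("cat relayed %d bytes:\n%s", n, n > 0 ? out : "");
    return 0;
}
```

In the real program the spool file's descriptor from the temporary-file open would take the place of in[0], so the file name is never re-opened by name after creation. Print commands that genuinely need shell syntax (redirections, pipelines) should be written as a script and named in printCmd, which keeps the quoting in one reviewable place.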
  sprintf (buf, "printerName %s", printer_list[0].printerName);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:259:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pcp->printCmd, printer_list[0].printCmd);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:260:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "printCmd %s", pcp->printCmd);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:283:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (xim->printConfig, R_OK) == 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:381:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "status {%s}", message);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:477:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (line, "%-16.16s %3d %5dx%-5d %s %s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:544:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (errstr, "%s: %s\n", fname, st);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:169:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cmapname, cm->name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:267:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cmapname, cm->name);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:964:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s", xim->tileFrames ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1063:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, " %s ", &mp->ref[++j]);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1073:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, " %s ", &fb->ctran.imtitle[j]);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2167:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cm->name, mapname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2222:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msgbuf, "setValue {%s}", message);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2256:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msgbuf, "setValue {{%s} {%s} {%s}}", text,
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2325:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%d \"%s\" %0.3f %0.3f", fb->frameno,
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2386:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lbuf, "%s/%s", fname, FBCONFIG_1);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2539:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, function);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2548:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (fname, 0) == 0)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:92:8:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  char *mktemp();
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:95:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (fname, template, fsp->seqno++);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:124:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (fname, F_OK) < 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:134:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Wrote %d bytes to %s", (int)fs.st_size, fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:138:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Error %d\nCannot open file %s", errno, fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:159:10:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  if (mktemp(tmpfile) == (char *)NULL)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:163:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Cannot open temporary file:\n%s", tmpfile);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:170:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "%s\n%s\n%s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:174:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ok_action, "save rename %s %s", tmpfile, fname);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:175:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cancel_action, "save cancel %s", tmpfile);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:295:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Could not write file %s", new);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:301:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "Wrote %d bytes to %s", (int)fs.st_size, new);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:324:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (text, "status {%s}", message);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:377:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
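The (race) and (tmpfile) hits come in pairs: access() decides and a later open acts (misc.c:595-604 on the xgterm log file, print.c:95 and save.c:124 on the output file before it is written), and mktemp() picks a name that a later open creates (print.c:136/163, save.c:159). Between the two steps another process with write access to the directory can swap in a symlink or pre-create the file. The example below is added and is not x11iraf code: it moves each decision into the open itself, with O_EXCL for "only if new", O_NOFOLLOW plus fstat for "append to my log file", and mkstemp for the scratch file, and demo_checks runs the three helpers against a scratch directory, including a planted symlink. The helper names and the /tmp/ximdemo.XXXXXX scratch path are assumptions.

```c
/* Added example (not x11iraf code): make the existence/permission check part
 * of the open itself, replacing access()+open and mktemp()+open.  Helper
 * names and the scratch path are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* save.c:124 / print.c:95 intent: write only if the file does not exist yet.
 * O_EXCL makes that test part of the create; a loser gets EEXIST. */
int create_new_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
}

/* misc.c:595-604 intent: append to a log file the user may have pre-created.
 * O_NOFOLLOW refuses a symlink as the final component (the classic way to
 * redirect a log into someone else's file); fstat() on the descriptor then
 * refuses FIFOs and devices, which access(F_OK|W_OK) would have accepted. */
int open_log_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* print.c:136/163, save.c:159 intent: a private scratch file.  mkstemp()
 * creates and opens it (mode 0600) in one step; the name left in 'tmpl' is
 * only for the later rename() or unlink(). */
int open_temp_file(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Exercise the helpers in a fresh scratch directory.  Returns a bitmask of
 * the checks that held; 0x1F means all five passed. */
int demo_checks(void)
{
    char dir[] = "/tmp/ximdemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 0;
    char target[128], logpath[128], tmpl[128];
    snprintf(target, sizeof target, "%s/out.eps", dir);
    snprintf(logpath, sizeof logpath, "%s/xgterm.log", dir);
    snprintf(tmpl, sizeof tmpl, "%s/spoolXXXXXX", dir);

    int ok = 0, fd;
    if ((fd = create_new_file(target)) >= 0) { ok |= 0x01; close(fd); } /* first create wins */
    if (create_new_file(target) < 0 && errno == EEXIST) ok |= 0x02;     /* second is refused */
    /* A "log" that is really a symlink to the output file, as planted by an
     * attacker racing access(): must be refused and must not touch target. */
    if (symlink(target, logpath) == 0 && open_log_file(logpath) < 0) ok |= 0x04;
    unlink(logpath);
    if ((fd = open_log_file(logpath)) >= 0) { ok |= 0x08; close(fd); } /* plain file: fine */
    if ((fd = open_temp_file(tmpl)) >= 0) { ok |= 0x10; close(fd); }

    unlink(tmpl); unlink(logpath); unlink(target); rmdir(dir);
    return ok;
}

int main(void)
{
    printf("checks passed: 0x%02x (0x1f expected)\n", demo_checks());
    return 0;
}
```

Once the descriptor is in hand, everything else (fstat for the size reported in the "Wrote %d bytes" messages, fchmod, writing the data) should go through that descriptor rather than through the path, so the name is never resolved a second time.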
  sprintf (text, "text {-- Frame %d --\n%s\n%s\n%d bytes\n%dx%dx%d}",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:723:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s", value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:737:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s", value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1290:36:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  sprintf (val, "{%10.1f} ", z1); strcat (buf, val);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1291:36:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  sprintf (val, "{%10.1f} ", z2); strcat (buf, val);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1297:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, val);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1302:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, val);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1307:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, val);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1312:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, val);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1477:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (strval, argv[2]);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1480:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (strval, argv[i]);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1496:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1503:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1510:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1517:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1524:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1531:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1536:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (psim->label, strval);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1537:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "title %s", strval);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1545:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (psim->label, "[Frame %d] %s",
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1555:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1563:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, value ? "True" : "False");
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1571:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, strval);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1583:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s %s", option, strval);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1590:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (buf, "%s %d", option, value); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1601:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s %s", option, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1610:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "printCmd %s", pcp->printCmd); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1619:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "printFile %s", pcp->printFile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1631:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "printerName %s", strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1633:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pcp->printCmd, printer_list[pnum].printCmd); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1634:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "printCmd %s", pcp->printCmd); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1638:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pcp->printCmd, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1639:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (buf, "printCmd %s", strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1643:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pcp->printFile, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1644:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "printFile %s", strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1689:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (strval, argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1692:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (strval, argv[i]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1732:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s %s", option, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1734:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "fname %s", fsp->fname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1744:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s %s", option, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1748:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (fsp->fname, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1749:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s %s", option, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1803:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "curdir %s", flp->curdir); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1810:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "curdir %s", flp->curdir); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1815:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (flp->curdir, flp->homedir); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1816:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "curdir %s", flp->curdir); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1822:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (flp->pattern, strval); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1823:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "pattern %s", flp->pattern); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1836:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "gray %s", strval[0] == '0' ? 
"off" : "on"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1841:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "zscale %s", strval[0] == '0' ? "off" : "on"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1846:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "zrange %s", strval[0] == '0' ? "off" : "on"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1851:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "z1 %s", argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1856:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "z2 %s", argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1861:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "nsample %s", argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1996:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (flp->curdir, "%s", fname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1999:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (flp->curdir, fname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2001:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "curdir %s", flp->curdir); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2012:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (flp->curdir, "%s", fname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2013:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "curdir %s", flp->curdir); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2134:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (text, "\t%s\n\n", ximtool_version[0]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2136:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Base Pixel", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2138:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2139:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Max Colors", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2141:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2142:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Memory Model", xim->memModel); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2143:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2144:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Antialias Type", xim->antialiasType); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2145:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2149:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cmapname, cm->name); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2150:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Current Colormap", cmapname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2151:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2152:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %d\n", "Colormaps Available", ncolormaps); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2153:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2154:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "User Cmap 1", xim->userCMap1); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2155:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2156:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "User Cmap 2", xim->userCMap1); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2157:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2158:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Cmap Dir 1", xim->userCMapDir1); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2159:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2160:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Cmap Dir 2", xim->userCMapDir2); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2161:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2163:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Printer Config", xim->printConfig); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2164:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2165:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Printer File", xim->pcp->printFile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2166:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2167:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%20s: %s\n", "Printer Cmd", xim->pcp->printCmd); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2168:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2196:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2198:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (path, xim->ism_addr, getuid()); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2199:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "unix: %s\n", path); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2200:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2203:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (path, xim->unixaddr, getuid()); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2204:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " unix: %s\n", path); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2207:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2211:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " fifo: %s\n\t %s\n\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2215:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2223:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " %-9.9s %-15.15s '%s'\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2227:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2250:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2253:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " a = %9.3f\t b = %9.3f %s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2255:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2257:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " c = %9.3f\t d = %9.3f %s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2259:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2261:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (line, " tx = %9.3f\tty = %9.3f %s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2263:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2264:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " z1 = %9.3f\tz2 = %9.3f %s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2266:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2268:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " zt = %9s\t%30s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2273:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2293:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2296:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2298:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2300:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2301:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " z1 = %7.3f z2 = %7.3f\tzt: %s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2306:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2308:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " region %d: %s\n", mp->regid, mp->region); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2309:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2312:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2316:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2317:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " ref: %s\n", mp->ref); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2318:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2339:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " Imtoolrc File: %s\n", xim->imtoolrc); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2340:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2360:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, " %4d\t\t%2d\t%5d\t%5d\t %s\n", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2363:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (text, line); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2495:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. system (ism->command); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:104:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (argv[i], "XImtool*cmapName:%s\0", str); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:123:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (argv[i], "XImtool*cmapInitialize:%s", str); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:129:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (argv[i], "XImtool*displayPanner:%s", str); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:135:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (argv[i], "XImtool*displayMagnifier:%s", str); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:141:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (argv[i], "XImtool*displayCoords:%s", str); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:147:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (argv[i], "XImtool*printConfig:%s", str); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:210:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (init_file, F_OK) < 0) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:214:18: [4] (race) access: This usually indicates a security flaw. 
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access (init_file, R_OK) < 0) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:262:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (xim->input_fifo, "%si", argv[i]);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:263:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (xim->output_fifo, "%so", argv[i]);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:376:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (ism->command);
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:165:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "ready on port %s (%d)",
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:429:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (msg, start);
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:438:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (iodev, value+1);
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:440:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (obuf, "connected to %s,%s on port %s (%d)",
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:484:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (obuf, "%s = %s", word, value);
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:684:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf,fmt,arg);
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:694:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf,fmt,arg1,arg2);
data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:713:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf,fmt,arg);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:143:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  obm->debug = ((s = getenv("OBMDEBUG")) != NULL);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:146:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((s = getenv("OBMOBJECTS"))) {
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:530:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:471:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2586:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("CONSEM") && ioctl(ptyfd, I_PUSH, "consem") < 0) {
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3197:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  || (login_name = getenv("LOGNAME")) != NULL
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3198:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  || (login_name = getenv("USER")) != NULL)
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3476:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("HOME"))
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3478:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("SHELL"))
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3534:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (((ptr = getenv("SHELL")) == NULL || *ptr == 0) &&
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3538:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (((ptr = getenv("SHELL")) == NULL || *ptr == 0) &&
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4082:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("CONSEM") && ioctl (ptyfd, I_PUSH, "consem") < 0) {
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4725:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("HOME"))
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4727:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("SHELL"))
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4793:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(((ptr = getenv("SHELL")) == NULL || *ptr == 0) &&
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4797:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(((ptr = getenv("SHELL")) == NULL || *ptr == 0) &&
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:58:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:569:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if(((cp = getenv("SHELL")) == NULL || *cp == 0)
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1074:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1084:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  maxerrs = ((err = getenv (env_maxerrs)) ? atoi(err) : 50);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1090:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  action = getenv (envvar);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:490:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  iis_debug = (getenv("DEBUG_IIS") != (char *)NULL);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1626:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("DEBUG_MAPPINGS") != NULL) print_mappings (fr);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:95:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("DEBUG_ISM") != NULL)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:96:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ism_debug = atoi(getenv("DEBUG_ISM"));
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:105:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ism_path = getenv ("ISMDEV")) != NULL) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:42:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getcwd(), *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:60:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strcpy (flp->homedir, getenv("HOME"));
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:392:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (debug || getenv("DEBUG_MAPPINGS") != NULL) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:31:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random() rand()
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:32:9:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define srandom(x) srand(x)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:32:20:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define srandom(x) srand(x)
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:195:6:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom ((int) (time (0) ^ getpid ()) ) ;
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:197:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  thisrerr[col] = random () % (FS_SCALE * 2) - FS_SCALE;
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:198:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  thisgerr[col] = random () % (FS_SCALE * 2) - FS_SCALE;
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/quant.c:199:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  thisberr[col] = random () % (FS_SCALE * 2) - FS_SCALE;
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2383:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((fname=getenv(FBCONFIG_ENV1)) || (fname=getenv(FBCONFIG_ENV2)))
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2383:46:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((fname=getenv(FBCONFIG_ENV1)) || (fname=getenv(FBCONFIG_ENV2)))
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2385:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!fp && (fname = getenv ("HOME"))) {
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2783:6:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (seed++);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2802:6:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (seed++);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2819:6:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (seed++);
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:38:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getcwd(), *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:561:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getenv();
data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:571:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((action = getenv (envvar))) {
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:138:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (obm->appname, "gterm-iraf");
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:139:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (obm->appclass, "Xgterm");
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:144:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (s && (i = atoi(s)))
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:266:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (obm->appname, "gterm-iraf");
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:267:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (obm->appclass, "Xgterm");
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:294:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultUI[SZ_MESSAGE];
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:394:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[SZ_NUMBER];
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:397:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%d", state);
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:523:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (fname, 0)) < 0)
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:597:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME];
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NAME];
data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:1049:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:197:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME]; /* class name */
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME]; /* object class name */
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:369:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME]; /* object name */
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:380:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char geometry[SZ_GEOMETRY]; /* used to recreate shells */
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:444:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:452:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char appname[SZ_NAME]; /* application name */
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmP.h:453:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char appclass[SZ_NAME]; /* application class */
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Board.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Board.c:86:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(tmp, "%d+%f %d+%f %d+%f %d+%f",
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Group.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[30];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c:565:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char global_cmapname[CMAPNAME_SIZE];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char property[128], cname[12];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Gterm.c:734:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(w->gterm.cmapName,"ForcePseudo");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char property[128];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char allocated[MAX_SZCMAP];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermCmap.c:713:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip, *op, name[32];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermDebug.c:5:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char b[32];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermDebug.c:8:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (b, "%dx%dx%d", w->core.width, w->core.height, w->core.depth);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermImaging.c:3146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[32];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermImaging.c:3194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[256];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:837:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x[32], y[32];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:838:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char width[32], height[32];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:839:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[5];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:849:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (x, "%d", gm->x);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:850:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (y, "%d", gm->y);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:851:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (width, "%d", gm->width);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:852:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (height, "%d", gm->height);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1345:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char *argv[2];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1511:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ((char *)value, "FillSolid");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1514:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ((char *)value, "FillTiled");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1517:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ((char *)value, "FillStippled");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1520:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ((char *)value, "FillOpaqueStippled");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1523:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ((char *)value, "FillSolid");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1869:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (atoi((char *)value));
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1897:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int index = atoi (str);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2022:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf ((char *)value, "%d", ival);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2046:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf ((char *)value, "%g", fval);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char argbuf[2048];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[30];
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2245:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", gm->x); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2246:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", new_gm->x); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2250:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", gm->y); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2251:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", new_gm->y); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2254:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (argv[argc++]=op, "width"); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2255:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", gm->width); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2256:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", new_gm->width); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2259:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (argv[argc++]=op, "height"); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2260:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", gm->height); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2261:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%d", new_gm->height); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2266:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (argv[argc++]=op, "rotangle"); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2267:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%g", rot); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2268:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (argv[argc++]=op, "%g", new_rot); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2280:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new_gm->x = atoi (ip); ip += SZ_NUMBER*3;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2283:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new_gm->y = atoi (ip); ip += SZ_NUMBER*3;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2286:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_gm->width = atoi (ip); ip += SZ_NUMBER*3; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2289:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_gm->height = atoi (ip); ip += SZ_NUMBER*3; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:3042:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Layout.c:503:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:634:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1024]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:712:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:733:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:748:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->firstchild && item->open) { data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:763:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->firstchild && item->open) { data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:794:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->firstchild && item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:811:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (item->firstchild && item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:859:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret->open = item->open; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:915:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret->open = item->open; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:936:53: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). w->list.timer_item->open = !w->list.timer_item->open; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1172:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1178:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1277:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((item->firstchild) && (item->open)) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1322:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((item->firstchild) && (item->open)) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1487:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1493:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1509:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((item->firstchild) && (item->open)) { data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1536:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1542:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1556:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((item->firstchild) && (item->open)) { data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1586:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1592:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1604:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((item->firstchild) && (item->open)) { data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1633:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1639:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (item->open) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1651:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((item->firstchild) && (item->open)) { data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2263:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmppath[1024]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.h:56:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Boolean open; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.h:73:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Boolean open; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.h:84:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Boolean open; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Scrollbar.c:380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[500]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Separator.c:149:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lowerName[BUFSIZ]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tablist2Tabs.c:31:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tabs[ntabs++] = atoi(tablist); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tabs.c:1332:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256] ; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tabs.c:1333:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "XawTabsSetTop: widget \"%.64s\" is not the child of a tabs widget.", XtName(w)) ; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/cvtLong.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/cvtLong.c:32:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%ld", *((long*) from->addr)); data/x11iraf-2.0+2020.06.15+dfsg/obm/client.c:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *argv[MAX_ARGS]; data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:17:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char geometry[SZ_GEOMETRY]; data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:82:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%dx%d", data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:86:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%dx%d", win_attributes.width, win_attributes.height); data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:168:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "-%d", xright); data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:170:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "+%d", rx); data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:175:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "-%d", ybelow); data/x11iraf-2.0+2020.06.15+dfsg/obm/geom.c:177:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (op, "+%d", ry); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_x[SZ_NUMBER], s_y[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:814:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message_data[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:823:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_MESSAGE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:831:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s_x, "%d", ev->x); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:832:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s_y, "%d", ev->y); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:866:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s_x, "%d", ev->x); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:867:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s_y, "%d", ev->y); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:869:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->button); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:881:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (message_data, "unknown none"); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:916:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_width[SZ_NUMBER], s_height[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:919:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s_width, "%d", width); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:920:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s_height, "%d", height); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:994:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). raster = (argc > 3) ? 
atoi (argv[3]) : -1; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1026:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *xout, *yout, buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1036:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", x); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1038:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", y); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1131:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). raster = atoi (argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER], *raster_var; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1161:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "%d", raster); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1197:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = atoi (argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1198:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). height = atoi (argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1232:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", width); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1234:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", height); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1266:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
width = atoi (argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1267:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). height = atoi (argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1268:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). raster = (argc > 3) ? atoi(argv[3]) : GtGetRaster(w); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1303:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). raster = (argc > 3) ? atoi(argv[3]) : GtGetRaster(w); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1306:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", width); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1308:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
  Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", height);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1311:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", raster);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1343:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1344:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cols = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1407:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((width = atoi (argv[1])) < 0)

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1707:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1708:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1742:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1756:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", width);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1760:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", height);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1764:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", base);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1768:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", width);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1888:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1889:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1923:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1937:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", width);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1941:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", height);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1945:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", base);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1949:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", width);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2013:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2020:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  drawable = (XtPointer) atoi(object);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2095:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2096:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2097:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  height = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2099:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  depth = (argc > 5) ? atoi(argv[5]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2137:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER], *v_type;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2172:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2180:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", width);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2184:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", height);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2192:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", depth);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2227:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", raster);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2253:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", GtNRasters(w));

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2291:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2292:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2293:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2294:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data[0] = atoi (argv[4]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2331:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2332:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2333:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2336:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", data[0]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2428:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2431:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nbits = atoi (argv[4]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2432:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x1 = atoi (argv[5]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2433:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y1 = atoi (argv[6]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2434:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nx = atoi (argv[7]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2435:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ny = atoi (argv[8]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2436:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bias = (argc > 9) ? atoi(argv[9]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2611:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2613:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nbits = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2614:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x1 = atoi (argv[4]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2615:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y1 = atoi (argv[5]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2616:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nx = atoi (argv[6]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2617:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ny = atoi (argv[7]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2618:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bias = (argc > 8) ? atoi(argv[8]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2845:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2893:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2894:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  color = (argc > 2) ? atoi(argv[2]) : GtGetClientPixel(w,0);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2910:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rop = (argc > 8) ? atoi(argv[8]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2954:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3006:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3050:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3052:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", GtNextColormap (w));

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3082:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  colormap = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3131:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  colormap = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3133:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset = (argc > 3) ? atoi(argv[3]) : FIRST_COLOR;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colors[MAX_COLORS * 3 * 20];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3200:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  colormap = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3202:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset = (argc > 3) ? atoi(argv[3]) : FIRST_COLOR;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3203:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  request = (argc > 4) ? atoi(argv[4]) : MAX_COLORS;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3211:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, "{%d %d %d} ", (r[i] >> 8), (g[i] >> 8), (b[i] >> 8));

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3219:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", ncolors);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3251:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  colormap = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3294:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pixel = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3297:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", client_pixel);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3336:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", nelem);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3340:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", maxelem);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3344:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", first);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3394:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", mapping);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3424:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3458:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3459:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  reference = (argc > 2) ? atoi(argv[2]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3492:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3493:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  reference = (argc > 2) ? atoi(argv[2]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3523:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3556:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3583:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3589:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3620:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3664:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rop = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3754:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3755:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rop = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3791:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3796:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3803:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", rop);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3850:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3856:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dras = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3882:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", fx);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3884:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", fy);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3887:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", mp);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3891:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", raster);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3927:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3955:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", src);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3957:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", fx);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3959:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", fy);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3965:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", data[0]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:3998:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mapping = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4231:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (atoi (name));

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4338:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *src = atoi (argv[0]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4352:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *dst = atoi (argv[6]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4385:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4387:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", src); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4392:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", ndc ? (float)sx / MAXNDC : (float)sx); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4394:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4397:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", ndc ? (float)snx / MAXNDC : (float)snx); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4399:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", ndc ? (float)sny / MAXNDC : (float)sny); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4402:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", src); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4407:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", ndc ? (float)dx / MAXNDC : (float)dx); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4409:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "%g", data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4412:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", ndc ? (float)dnx / MAXNDC : (float)dnx); data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:4414:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g", ndc ? (float)dny / MAXNDC : (float)dny); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:309:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). element_id = target_anchor ? atoi (target_anchor) : 0; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:406:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi (argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:407:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). y = atoi (argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:410:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", element_id); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:437:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:443:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). element_id = atoi (argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:452:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", x); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:457:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", y); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:502:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", x); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:507:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", y); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:544:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", element_id); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:572:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). element_id = atoi (argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:605:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:630:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (buf, "%d", n); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:685:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", n); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:713:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:767:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", n); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:960:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char patstr[64]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:991:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:992:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "{%d %d}", start.id, start.pos); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:995:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "{%d %d}", end.id, end.pos); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char event_type[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char element_id[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1149:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (element_id, "%d", ap->element_id); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1183:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (op, "Button%d", ev->button); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1187:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (event_type, "unknown"); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1246:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (atoi (Tcl_GetStringResult (obm->tcl))) data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1288:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *abuf, event_type[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1329:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "Button%d", ev->button); data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1333:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (event_type, "unknown"); data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:41:58: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memmove(a,b,n) void *a; const void *b; size_t n; { bcopy(b,a,n); } data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:44:44: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memmove(a,b,n) void *a, *b; int n; { bcopy(b,a,n); } data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[20]; data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:170:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (format, "%%-%ds ", width); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:560:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message_data[SZ_MESSAGE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:588:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (message_data, "0 0 0 0"); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:644:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_MESSAGE]; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:648:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (op, "keyPress "); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:650:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (op, "keyRelease "); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:682:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (op, "buttonPress "); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:684:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (op, "buttonRelease "); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:688:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (op, "%d ", ev->button); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:699:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (message_data, "unknown none"); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *name, value[SZ_COMMAND]; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *name, *variable, value[SZ_COMMAND]; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1370:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). first = (argc > 2) ? atoi(argv[2]) : 0; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1371:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npts = (argc > 3) ? atoi(argv[3]) : 0; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1397:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "{%d %d} ", (int)pv[i].x, (int)pv[i].y); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1461:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). first = (argc > 2) ? atoi(argv[2]) : 0; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1462:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npts = (argc > 3) ? atoi(argv[3]) : 0; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1748:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "{%0.5f %0.5f} ", vv[i].x, vv[i].y); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1750:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "{%0.2f %0.2f} ", vv[i].x, vv[i].y); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1807:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *type, buf[32]; data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1854:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (buf, "%d", dx); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1857:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", dy); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1860:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", dnx); data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:1863:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", dny); data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *resource_buf, *resource_list[MAX_RESOURCES]; data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_NAME], class[SZ_NAME], parent[SZ_NAME]; data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:983:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1007:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. err: sprintf (buf, "bad item '%d' in resource list", item + 1); data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1079:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1088:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). interval = atoi (argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1115:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "0x%lx", cb); data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_NUMBER]; data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1240:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  sprintf (buf, "0x%lx", cb);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[32], *data, *dp;

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1448:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1449:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  height = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[32], *data, *dp;

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1585:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1586:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  height = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1587:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  depth = atoi (argv[4]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1941:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x_hot = atoi (argv[6]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1942:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y_hot = atoi (argv[7]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME];

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2408:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "item%d", itemno++);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2415:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "line%d", lineno++);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2424:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "line%d", lineno++);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2426:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "line%d", lineno++);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2432:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "menu%d", menuno++);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2444:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNheight, atoi(ip->data));

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2446:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "line%d", lineno++);

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2473:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s[3];

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2516:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_MESSAGE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2648:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_MESSAGE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2794:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_NAME]; /* name of menu containing widget */

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2795:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char child[SZ_NAME]; /* submenu name */

data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:3020:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char target[SZ_NAME];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:825:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text_translations[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[SZ_COMMAND];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:978:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, " %d", list->selected_items[i]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1044:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[SZ_COMMAND];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1098:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[SZ_COMMAND], buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1110:44:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  list->items[0]->text, list->items[0]->open);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[SZ_COMMAND], buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1148:60:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sprintf (message, "{%s %d} ", ret->item->text, ret->item->open);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[100];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1206:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "0%o %d %d %d %d %d %d", rp->changed,

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[100];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1233:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.6f", *((float *)call_data));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1247:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.5f %0.5f",

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1252:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.5f", info->hpos);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1254:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.5f", info->vpos);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1273:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[100];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1280:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%d", (int)call_data);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1298:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.5f %0.5f",

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1303:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.5f", info->hpos);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1305:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, "%0.5f", info->vpos);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1518:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[SZ_COMMAND], *param;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1591:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, "%u ", time);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1595:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, "%d ", x);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1599:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, "%d ", y);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1603:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, "%d ", x_root);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1607:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, "%d ", y_root);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1723:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xoffset = (*num_params >= 2) ? atoi(params[1]) : -10;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1724:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  yoffset = (*num_params >= 3) ? atoi(params[2]) : -10;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2065:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[SZ_MESSAGE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2114:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (result, "%d", value);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2124:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (result, "%d", value);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2130:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (result, "%g", value);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2152:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (result, "0x%x", value);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2166:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (result, "0x%x", value);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_COMMAND];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2318:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2336:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  requested = atoi (itemno);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2352:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", itemp->list_index);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2399:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (op, " %d", list->selected_items[i]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2519:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (atoi(itemstr));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2591:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2601:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", info.hpos);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2606:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", info.vpos);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2611:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", info.hsize);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2616:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g", info.vsize);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2820:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2821:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2894:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *list, buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3030:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[SZ_COMMAND], buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3056:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (message, "{all 1} { }");

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3070:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (message, "{all 0} { }");

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3094:54:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sprintf (message, "{%s %d} ", item->text, item->open);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[SZ_COMMAND], buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3186:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sprintf (message, "{%s %d} ", item->text, item->open);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3325:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nrows = atoi(argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3326:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ncols = atoi(argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3388:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3389:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(argv[2]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3435:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3436:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(argv[2]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3511:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3516:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cols[i] = atoi(items[i]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3528:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XawTableSetColumnWidth (wp->w, col, atoi(argv[3]));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3536:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  widths[i] = atoi(items[i]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3606:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[SZ_MESSAGE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3616:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3633:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (result, "left");

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3635:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (result, "center");

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3637:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (result, "right");

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3639:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (result, "left");

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3677:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3735:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[SZ_MESSAGE];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3745:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3776:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3819:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi(argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3823:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  colnum = max (0, min (ncols, atoi (col) - 1));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3857:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(argv[1]) - 1;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3902:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rownum = max (0, min (nrows, atoi (row) - 1));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3936:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nrows = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3937:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ncols = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3961:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16], *nrows, *ncols;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3973:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", nr);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3975:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", nc);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4245:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNx, atoi(argv[1])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4246:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNy, atoi(argv[2])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4272:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNwidth, atoi(argv[1])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4273:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNheight, atoi(argv[2])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4275:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNborderWidth, atoi(argv[3]));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4304:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNx, atoi(argv[1])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4305:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNy, atoi(argv[2])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4306:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNwidth, atoi(argv[3])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4307:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNheight, atoi(argv[4])); nargs++;

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4309:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  XtSetArg (args[nargs], XtNborderWidth, atoi(argv[5]));

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NUMBER];

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4398:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", x);

data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4401:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", y); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4404:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", width); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4407:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", height); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4444:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi(argv[1]); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4445:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). y = atoi(argv[2]); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4446:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = atoi(argv[3]); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4447:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). height = atoi(argv[4]); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4455:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%dx%d", width, height); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4460:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "-%d", dist); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4462:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "+%d", x); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4467:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "-%d", dist); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4469:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (op, "+%d", y); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4732:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[SZ_COMMAND]; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4768:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4771:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%u %d %d %d %d ", data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4802:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%u %d %d %d %d ", data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4807:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->button); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4819:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 0 0 0 0 "); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4844:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (op, "%u %d %d %d %d ", data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4860:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 0 0 0 0 "); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4868:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 %d %d 0 0 ", ev->x, ev->y); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4872:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->width); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4873:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->height); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4874:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->count); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4882:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 %d %d 0 0 ", ev->x, ev->y); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4886:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (op, "%d ", ev->width); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4887:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->height); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4888:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "%d ", ev->count); while (*op) op++; data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4909:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 0 0 0 0 "); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4919:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 0 0 0 0 "); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4928:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (op, "0 0 0 0 0 "); data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4952:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "shift "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4954:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
{ sprintf (op, "lock "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4956:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "control "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4958:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "mod1 "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4960:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "mod2 "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4962:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "mod3 "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4964:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "mod4 "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:4966:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf (op, "mod5 "); while (*op) op++; } data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.h:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char translation_table_name[SZ_NAME]; data/x11iraf-2.0+2020.06.15+dfsg/obmsh/obmsh.c:15:58: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memmove(a,b,n) void *a; const void *b; size_t n; { bcopy(b,a,n); } data/x11iraf-2.0+2020.06.15+dfsg/obmsh/obmsh.c:18:44: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memmove(a,b,n) void *a, *b; int n; { bcopy(b,a,n); } data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:179:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Line[ 6 ]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:184:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( Line, "\030\033G " ); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:206:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Line[ 6 ]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[9]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:569:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, "\033[t"); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:575:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, "\033[T"); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:1441:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[6]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/button.c:1453:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(line, "\033[M"); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2438:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *save [4 * MAX_ROWS]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2897:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2922:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "@im="); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapName[1000]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapClass[1000]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3474:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int percent = (*param_count) ? atoi(params[0]) : 0; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/data.c:99:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gtermio_appname[SZ_APPNAME+1]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:118:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char g_buf[SZ_GBUF]; /* circular buffer */ data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:144:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pl_text[MAX_PLPTS]; /* encoded [x,y] coord data */ data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:156:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tx_buf[SZ_TXBUF+1]; /* polytext text buffer */ data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:176:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s_reset[SZ_ESCAPE]; /* sent to client on reset */ data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:177:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s_resize[SZ_ESCAPE]; /* sent to client on resize */ data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:458:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fname, buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:464:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buf, "/tmp/XGdbXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1384:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delstr[2]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1406:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtbuf[2048]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1637:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char strbuf[SZ_STRBUF]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1680:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curval[20]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1739:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curval[7]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:1777:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e_seq[MAX_FIELDS+1]; /* the sequence itself */ data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2091:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[80]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2104:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (obuf, "\033[5;%d;%d;%d;%d;%d]", data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2139:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char obuf[128]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2243:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char obuf[128]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2338:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char obuf[128]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2466:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[128]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2478:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (obuf, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/input.c:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[STRBUFSIZE]; data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:224:58: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  void *memmove(a,b,n) void *a; const void *b; size_t n; { bcopy(b,a,n); }

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:228:44:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void *memmove(a,b,n) void *a, *b; int n; { bcopy(b,a,n); }

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:631:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char passedPty[2]; /* name if pty if slave */

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:638:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mit_console_name[255 + MIT_CONSOLE_LEN + 1] = MIT_CONSOLE;

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1387:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  i = open ("xgterm.debug.log", O_WRONLY | O_TRUNC, 0666);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1451:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1454:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%lx\n", XtWindow (XtParent (term)));

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1635:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  result = ((*pty = open("/dev/ptmx", O_RDWR)) < 0);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1648:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open("/dev/ptc", O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1658:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open(pty_name, O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1684:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  *pty = open("/dev/ptc", O_RDWR);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1687:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ttydev, "/dev/ttyq%d", minor(fstat_buf.st_rdev));

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1694:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open("/dev/ptym/clone", O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1774:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open ("/dev/ptmx", O_RDWR)) < 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1786:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open ("/dev/ptc", O_RDWR)) < 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1810:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open (pty_name, O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1826:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  *pty = open ("/dev/ptc", O_RDWR);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1830:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ttydev, "/dev/ttyq%d", minor(fstat_buf.st_rdev));

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1832:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ptydev, "/dev/ptyq%d", minor(fstat_buf.st_rdev));

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1833:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*tty = open (ttydev, O_RDWR)) < 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1864:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ttydev, "/dev/ttyp%03d", devindex);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1865:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ptydev, "/dev/pty/%03d", devindex);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1867:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open (ptydev, O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1885:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*pty = open (ptydev, O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1993:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2218:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char termcap[TERMCAP_SIZE];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newtc[TERMCAP_SIZE];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2284:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tty = open("/dev/tty", O_RDWR);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2481:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024], *p = temp;

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2530:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[sizeof(dummy.ut_host) + 1], *endptr;

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2578:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((ptyfd = open(pty_name, O_RDWR)) < 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2679:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  && (tty = open("/dev/tty", O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2687:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tty = open(ttydev, O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2698:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open("/dev/tty", O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3041:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/console", O_RDWR);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3117:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu",

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3133:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (open("/dev/tty", O_RDWR)) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3162:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  close(open(ttydev, O_WRONLY));

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3296:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_wtmp, O_WRONLY | O_APPEND)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3313:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_utmp, O_WRONLY)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3333:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_wtmp, O_WRONLY | O_APPEND)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3340:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(_U_LASTLOG, O_WRONLY)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3377:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_lastlog, O_WRONLY)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[12];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3469:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(numbuf, "%d", screen->max_col + 1);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3471:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(numbuf, "%d", screen->max_row + 1);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3506:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(newtc, ":im=\\E[4h:ei=\\E[4l:mi:");

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char termcap [1024];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newtc [1024];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3791:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3848:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tty = open ("/dev/tty", O_RDWR, 0);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4059:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[12];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4074:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((ptyfd = open (ptsname(screen->respond), O_RDWR)) < 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4157:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!no_dev_tty && (tty = open ("/dev/tty", O_RDWR)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4162:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tty = open(ttydev, O_RDWR, 0)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4173:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open("/dev/tty", O_RDWR, 0)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4399:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/console",O_RDWR);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4447:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%lu",

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4462:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (open ("/dev/tty", O_RDWR)) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4493:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  close(open(ttydev, O_WRONLY, 0));

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4574:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_wtmp, O_WRONLY|O_APPEND)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4591:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_utmp, O_WRONLY)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4610:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_wtmp, O_WRONLY|O_APPEND)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4619:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(_U_LASTLOG, O_WRONLY)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4629:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (i = open(etc_lastlog, O_WRONLY)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4719:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (numbuf, "%d", screen->max_col + 1);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4721:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (numbuf, "%d", screen->max_row + 1);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4748:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (newtc, ":im=\\E[4h:ei=\\E[4l:mi:");

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5019:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(etc_wtmp, O_WRONLY | O_APPEND)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5035:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (!am_slave && tslot > 0 && (wfd = open(etc_utmp, O_WRONLY)) >= 0)){

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5042:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (wfd = open(etc_wtmp, O_WRONLY | O_APPEND)) >= 0) {

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5090:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (oldtc, "co#80:");

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5094:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (oldtc, "li#24:");

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5107:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (newtc, "%d", li_first ? screen->max_row + 1 :

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5113:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (newtc, "%d", li_first ? screen->max_col + 1 :

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/menu.c:221:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[128];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:180:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c, *p, hexval[2];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:474:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(pathname, O_WRONLY|O_CREAT|O_APPEND, mode);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:532:3:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  mkstemp(log_default);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:606:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((screen->logfd = open(screen->logfile, O_WRONLY | O_APPEND,

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:665:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1075:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[128];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1084:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxerrs = ((err = getenv (env_maxerrs)) ? atoi(err) : 50);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1118:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (fname, "core.%d", pid);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1498:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx.h:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_dflt[NPARAM]; /* Default value flags */

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx.h:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gsets[4];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx.h:235:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *names[NCOLORS];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx.h:370:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gsets[4]; /* G0 through G3. */

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx_new.h:1092:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *names[NCOLORS];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx_new.h:1102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gsets[4];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx_new.h:1350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gsets[4]; /* G0 through G3. */

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx_new.h:1381:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vt52_save_gsets[4];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/ptyx_new.h:1818:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data [TEK_LINK_BLOCK_SIZE];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/screen.c:218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *save [4 * MAX_ROWS];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/screen.c:227:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  bzero ((char *) save [i], size);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/screen.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *save [4 * MAX_ROWS];

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/screen.c:265:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  bzero ((char *) save [i], size);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/scrollbar.c:494:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mult *= atoi (params[0]);

data/x11iraf-2.0+2020.06.15+dfsg/xgterm/scrollbar.c:497:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mult = atoi (params[0]) * FontHeight(screen); /* lines */

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1891:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[128];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1892:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[32];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1893:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[32];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.h:66:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char r[256]; /* red colormap */

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.h:67:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char g[256]; /* green colormap */

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.h:68:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[256]; /* blue colormap */

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80]; /* image title */

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:205:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyw[8], val;

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:207:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fname, "r"))) {

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:301:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(file, "rb");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[9];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:425:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "NAXIS%d", j + 1);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:443:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fs->title, "No Title");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:506:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(card, name, l); /* copy name */

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:516:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&card[10], "%20d", kvalue);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namestr[9];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:545:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char error[45];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:547:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(namestr, card, 8);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:575:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num[21];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:584:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(num, &card[ptr], end - ptr); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:145:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(fname, "rb")) == NULL) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:214:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[5]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:216:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "r"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:240:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[4]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:438:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:461:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "UNKNOWN (0x%02x)", label); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:1044:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char accum[ 256 ]; /* Define the storage for the packet accumulator */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:194:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((datain = open (xim->input_fifo, O_RDONLY|O_NDELAY)) != -1) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:195:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dataout = open (xim->input_fifo, O_WRONLY|O_NDELAY)) != -1) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:206:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((datain = open (xim->output_fifo, O_RDONLY|O_NDELAY)) == -1) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:215:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). keepalive = open (xim->output_fifo, O_WRONLY); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:381:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (xim->unixaddr, "none"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:484:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_FIFOBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:570:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "uncache %d", mp->id); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:641:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *ip, iobuf[SZ_IOBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:703:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *op, iobuf[SZ_IOBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:778:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char emsg[SZ_WCSBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:790:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (text=emsg, "version=%d", IIS_VERSION); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:827:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wcs[SZ_WCSBUF], mapping[SZ_WCSBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:839:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (text=emsg, "[NOSUCHWCS]\n"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:854:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (text=emsg, "[NOSUCHFRAME]\n"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1214:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curval[SZ_IMCURVAL]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keystr[20]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1258:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (curval, "EOF\n"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1264:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keystr, "\\%03o", key); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1341:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "wcstran %d %g %g\n", mp->id, wx, wy); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024], *format; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1551:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_WCSBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1612:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "wcslist %d", mp->id); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1618:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "orient %d %d %d %d", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:119:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((hdr = fopen (fname, "r")) == NULL) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:124:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pixfile_v1[SZ_V1PIXFILE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:151:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header_v2[SZ_V2HDR]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:152:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pixfile_v2[SZ_V2PIXFILE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:162:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2SWAPPED], &swapped, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:176:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2PHYSLEN], &px, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:177:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2PHYSLEN+sizeof(int)], &py, data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:179:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2LEN], nx, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:180:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2LEN+sizeof(int)], ny, data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:182:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2PIXTYPE], &ptype, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:183:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2PIXOFF], &offset, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:188:13: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2PIXFILE], pixfile_v2, SZ_V2PIXFILE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[24]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:223:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "r"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:257:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((hdr = fopen (fname, "r")) == NULL) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:262:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title_v1[SZ_V1TITLE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:273:13: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v1[IM_V1TITLE], title_v1, SZ_V1TITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:280:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header_v2[SZ_V2HDR]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:281:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title_v2[SZ_V2TITLE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:291:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2SWAPPED], &swapped, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:300:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
bcopy ((char *)&header_v2[IM_V2LEN], &nx, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:301:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2LEN+sizeof(int)], &ny, data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:303:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2PIXTYPE], &ptype, sizeof(int)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:306:13: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&header_v2[IM_V2TITLE], title_v2, SZ_V2TITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:356:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SZ_V1PIXFILE], *ip; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:414:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen (pixfile, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:92:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[SZ_FNAME], *ism_path; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:96:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ism_debug = atoi(getenv("DEBUG_ISM")); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:268:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_FNAME], path[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:269:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[2*SZ_ISMBUF+1]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:270:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_ISMBUF+1]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:300:9: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (buf, message, count); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SZ_ISMBUF+1]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:640:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char objects[SZ_LINE] = ""; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:644:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (objects, "|\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:54:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "wcslist %d", mp->id); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:87:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (buf, "uncache %d", mp->id); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism_wcspix.c:135:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[SZ_MSGBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:63:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (flp->pattern, "*.fits,*.imh"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:76:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "gray %d\0", flp->gray); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:78:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "zscale %d\0", flp->zscale); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:80:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "zrange %d\0", flp->zrange); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:82:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "z1 %g\0", flp->z1); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:84:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "z2 %g\0", flp->z2); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:86:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "nsample %d\0", flp->nsample); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mapname, *err, buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:297:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d %d %d\0", cf->width, cf->height, 8); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:333:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "uncache %d", mp->id); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:379:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "wcslist %d", mp->id); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:385:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "orient %d %d 1 1", mp->id, fr->frameno); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:433:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (flist, "setValue {"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:474:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (flist, "setValue {"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char patterns[64][20]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:900:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo.c:20:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char r[256], g[256], b[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo/mkhdr.c:7:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[NBYTES]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo/mkhdr.c:13:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (argv[1], O_RDONLY, 0644); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:49:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char r[256], g[256], b[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:51:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmpfile[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:51:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). static char tmpfile[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:52:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char fname[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:53:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:61:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). bzero (tmpfile, SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:96:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "w"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:118:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ok_action[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cancel_action[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmpfile[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:120:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char tmpfile[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:124:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). bzero (tmpfile, SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:130:21: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). for (ip=fname, op=tmpfile, last=tmpfile; (*op = *ip++); op++) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:130:35: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). for (ip=fname, op=tmpfile, last=tmpfile; (*op = *ip++); op++) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:135:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmpfile, "ximpXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:135:11: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). strcat (tmpfile, "ximpXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:136:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (mktemp(tmpfile) == (char *)NULL) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:139:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!(fp = fopen (tmpfile, "w"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:139:21: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(fp = fopen (tmpfile, "w"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:140:57: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (text, "Cannot open temporary file:\n%s", tmpfile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:154:45: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (ok_action, "print rename %s %s", tmpfile, fname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:155:46: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (cancel_action, "print cancel %s", tmpfile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:162:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tmpfile, "/tmp/ximpXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:162:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). strcpy (tmpfile, "/tmp/ximpXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:163:17: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). 
if (mktemp(tmpfile) == (char *)NULL) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:166:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen (tmpfile, "w"))) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:166:24: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(fp = fopen (tmpfile, "w"))) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:173:36: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (text, "cat %s | %s", tmpfile, pcp->printCmd); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:175:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink (tmpfile); /* delete tmp file */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:253:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (pcp->printFile, "frame%d.eps"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE], plist[MAX_PRINTERS*20]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:284:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen (xim->printConfig, "r"))) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errstr[128]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:106:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:244:11: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. bcopy(line, image + w * i, w); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:247:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(line, image + w * i * 3, w * 3); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:302:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *line, *graypic, graymap[256], *sp, *dp; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:408:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (pixels + y * w, line, w); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:439:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "r"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:461:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *fname, *ip, *op, sbuf[8192]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmapname[SZ_NAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:234:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d %d %d", cf->width, cf->height, 8); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:545:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d %d %d %d", sx, sy, width, height); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:692:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g %g %g %g %g %g %g %g", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:901:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[256], tw[16]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1054:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (text, " %d ", i+1); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1058:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (text, " Blank "); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1068:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (text, " Blank "); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1088:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tw, "%dch", len); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1383:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1604:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%g %g %g %g %g %g %g %g", data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[SZ_MSGBUF]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2236:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (msgbuf, "setValue {%d}", value); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2255:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2286:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d %d %d %d %d", fb->frameno, sx, sy, snx, sny); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_COLORMAPS*40]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2353:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[SZ_LINE+1], *fname; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2384:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2387:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname = lbuf, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2394:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname = xim->imtoolrc, "r"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2396:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname = fb_paths[i], "r"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char word[SZ_NAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2530:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2531:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2553:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "r")) == NULL) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:47:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (fsp->fname, "frame%d.ras"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:50:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "format ras"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:52:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "color pseudocolor"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:54:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "fname frame%%d.ras"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:85:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SZ_LINE], fname[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:86:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char r[256], g[256], b[256]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:125:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "w"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:148:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ok_action[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:149:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cancel_action[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:150:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfile[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:150:11: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char tmpfile[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:154:24: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). for (ip=fname, op=tmpfile, last=tmpfile; (*op = *ip++); op++) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:154:38: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). for (ip=fname, op=tmpfile, last=tmpfile; (*op = *ip++); op++) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:158:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tmpfile, "ximsXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:158:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). 
strcat (tmpfile, "ximsXXXXXX"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:159:17: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (mktemp(tmpfile) == (char *)NULL) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:162:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen (tmpfile, "w"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:162:24: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(fp = fopen (tmpfile, "w"))) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:163:53: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (text, "Cannot open temporary file:\n%s", tmpfile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:174:47: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (ok_action, "save rename %s %s", tmpfile, fname); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:175:48: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). sprintf (cancel_action, "save cancel %s", tmpfile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/save.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fmt, *fname, text[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/tiffio.c:82:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dta, data, size * sizeof(unsigned char)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/util.c:71:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[4]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/util.c:113:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[8]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/util.c:155:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char ch[4];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:312:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xim_setFrame (xc->xim, atoi(argv[1]));

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char frameno[SZ_NAME];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:339:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (frameno, "%d", xc->xim->display_frame);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:341:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  raster = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:347:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (frameno, "%d", fb->frameno);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NAME];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:380:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", xim->df_p->raster);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:382:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frameno = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:388:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", fb->raster);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_NAME];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:425:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", fb->raster);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:429:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", sx);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:431:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", sy);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:433:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", snx);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:435:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", sny);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:439:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", fb->frameno);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:515:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  reference_frame = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:524:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frames[i] = atoi (items[i]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:557:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  reference_frame = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:566:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frames[i] = atoi (items[i]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:641:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:698:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:711:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi (strval);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:755:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame_list |= (1 << (atoi(items[i]) - 1));

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:785:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame_list |= (1 << (atoi(items[i]) - 1));

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:829:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d %d", nx, ny);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:863:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1060:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char junk[MAX_COLORS];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1069:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
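The atoi hits above all have the same shape: a frame number or coordinate arrives as a string from the command channel, is converted with atoi(), and is used directly. atoi() returns 0 for non-numeric input and has undefined behaviour on overflow, so the value is never known to be in range. At ximclient.c:755 and :785 the result is a shift count, frame_list |= (1 << (atoi(items[i]) - 1)), where "0", a non-numeric item, or any value above the word size makes the shift itself undefined. The block below is an added example, not x11iraf code: it replaces atoi() with a strict strtol() parse that rejects trailing junk and overflow and bounds the value before it is used, then applies that to the frame-mask and the x0/y0/nx/ny region reads. MAX_FRAMES and the raster dimensions are assumptions for the demo; ximtool's real limits are not on this page.

```c
/* Added example (not x11iraf code): bounded integer parsing in place of atoi(). */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_FRAMES 32   /* assumption for the demo: frames 1..32 fit a uint32_t mask */

/* Strict decimal parse: the whole string must be a number, no overflow, and
 * lo <= value <= hi. Returns 0 and stores the value, or -1 on any violation. */
int parse_int_range(const char *s, long lo, long hi, long *out)
{
    if (s == NULL || *s == '\0')
        return -1;
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')   /* overflow, no digits, or trailing junk */
        return -1;
    if (v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/* Same mask construction as ximclient.c:755, but every item must be a frame
 * number in 1..MAX_FRAMES, so the shift count is always 0..MAX_FRAMES-1. */
int build_frame_mask(const char *const items[], int nitems, uint32_t *mask)
{
    uint32_t m = 0;
    for (int i = 0; i < nitems; i++) {
        long f;
        if (parse_int_range(items[i], 1, MAX_FRAMES, &f) != 0)
            return -1;                      /* reject the whole list on a bad item */
        m |= (uint32_t)1 << (f - 1);
    }
    *mask = m;
    return 0;
}

/* Parse an "x0 y0 nx ny" region (the x0 = atoi (argv[1]) ... sequence at
 * ximclient.c:1902-1905) and require it to lie inside a width x height raster.
 * The bound on nx/ny is computed from x0/y0 after they are known, so x0 + nx
 * can neither overflow nor run past the raster. */
int parse_region(const char *sx0, const char *sy0, const char *snx, const char *sny,
                 long width, long height, long *x0, long *y0, long *nx, long *ny)
{
    if (width <= 0 || height <= 0)
        return -1;
    if (parse_int_range(sx0, 0, width - 1, x0) != 0 ||
        parse_int_range(sy0, 0, height - 1, y0) != 0 ||
        parse_int_range(snx, 1, width - *x0, nx) != 0 ||
        parse_int_range(sny, 1, height - *y0, ny) != 0)
        return -1;
    return 0;
}
```

The ordering in parse_region() is deliberate: the origin is validated first, and the size bound is derived from it, so the check that matters (origin plus size inside the raster) is expressed as a single range test with no intermediate arithmetic that could itself overflow.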
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1122:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "0 0");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1124:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g %g", (imax%nx)-size, (imax/nx)-size);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1127:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "0 0");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1129:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%g %g", (imin%nx)-size, (imin/nx)-size);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1150:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "0 0");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1196:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d %d", nint(cx-size), nint(cy-size));

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1242:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  format = atoi (argv[5]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1249:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sample = (isdigit(*argv[6]) ? atoi (argv[6]) : 1);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1290:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (val, "{%10.1f} ", z1); strcat (buf, val);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1291:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (val, "{%10.1f} ", z2); strcat (buf, val);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1295:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (val, "{%10.1f%c} ", data[i],

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1301:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (val, "{%g %g} ", i * scale, data[i]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1306:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (val, "{%g %g} ", data[i], i * scale);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1311:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (val, "{%f} ", data[i]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1375:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame = (argc > 3) ? atoi (argv[3]) : xim->display_frame;

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1376:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wcs = (argc > 4) ? atoi (argv[4]) : 1;

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1418:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sz = (argc > 3) ? atoi (argv[3]) : 0;

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1469:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *option, strval[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1470:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1485:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi (strval);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1608:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "deviceType Printer");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1612:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "printerName %d", pcp->printno);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1617:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "deviceType File");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1627:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "deviceType Printer");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1681:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *option, strval[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1682:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1701:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.ras");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1704:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.raw");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1709:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.gif");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1713:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.jpg");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1717:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.tiff");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1721:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.fits");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1725:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.eps");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1729:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (fsp->fname, "frame%d.xwd");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1787:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1902:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x0 = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1903:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y0 = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1904:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nx = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1905:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ny = atoi (argv[4]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1949:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  x0 = atoi (argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1950:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  y0 = atoi (argv[2]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1951:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nx = atoi (argv[3]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1952:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ny = atoi (argv[4]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1980:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1988:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frame = (argc >= 3) ? atoi(argv[2]) : xim->display_frame;

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2110:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (message, "\n\0");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmapname[80], line[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2181:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[SZ_LINE], path[80];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2185:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (text, "\t\tClient Communications Channels\n\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2187:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " Display Client Connections\t ");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2188:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, "ISM Client Connections\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2189:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " --------------------------\t ");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2190:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, "----------------------\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2193:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " inet: %d\t\t\t ", xim->port);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2195:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " inet: Disabled\t\t");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2206:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " unix: Disabled\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2214:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " fifo: Disabled\n\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2218:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, "\t\t Available ISM Components\n\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2219:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " Name Channel Command\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2220:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " ---- ------- -------\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2247:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line,

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2252:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, "Frame WCS:\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2284:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " \n \n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2292:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, "\nMapping %d: \n", mp->id);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2295:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " a = %7.3f b = %7.3f\n", ct->a, ct->b);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2297:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " c = %7.3f d = %7.3f\n", ct->c, ct->d);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2299:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " tx = %7.3f ty = %7.3f\n", ct->tx, ct->ty);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2310:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " src: x=%9f y=%9f nx=%d ny=%d\n",

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2313:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " dest: x=%9d y=%9d nx=%d ny=%d\n",

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2320:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " \n \n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[SZ_LINE];

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2336:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (text, " Frame Buffer Configuration Table\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2337:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " --------------------------------\n\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2341:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, "\n Config NFrames\tWidth\tHeight\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2342:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " ------ -------\t-----\t------\n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2358:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (line, " %4d\t\t 0\t n/a\t n/a\n", i);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2365:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (text, " \n \n");

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2403:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  color = atoi(argv[1]);

data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2406:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). save = atoi(argv[4]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:102:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:107:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ncolors = atoi (argv[++i]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:109:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:111:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (argv[i], "XImtool*maxColors:%d\0", ncolors); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:114:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
base = atoi (argv[++i]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:115:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:117:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (argv[i], "XImtool*basePixel:%d", base); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:121:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:127:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:133:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:139:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:145:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (argv[i-1], "-xrm\0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:244:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xim->def_config = atoi (argv[++i]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:248:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xim->def_nframes = min (MAX_FRAMES, atoi (argv[i])); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:267:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xim->port = atoi (argv[++i]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:270:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
xim->nports = atoi (argv[++i]); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:562:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:577:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (fname, "core.%d", pid); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[32]; /* wcs output format */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imtitle[SZ_IMTITLE+1]; /* image title from WCS */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref[SZ_FNAME+1]; /* image reference from WCS */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char region[SZ_FNAME+1]; /* region name from WCS */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[SZ_LABEL+1]; /* frame label string */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wcsbuf[SZ_WCSBUF]; /* wcs info string */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_CMAPNAME+1]; /* colormap name */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[SZ_FNAME+1]; /* for unix sockets */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:173:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[SZ_FNAME+1]; /* client name */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[SZ_FNAME+1]; /* for unix sockets */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[SZ_ISMBUF+1]; /* incomplete message buffer */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:183:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_FNAME]; /* name of the module */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[SZ_LINE]; /* cmd to execute for module */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char printerName[SZ_FNAME+1]; /* printer name */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printCmd[SZ_FNAME+1]; /* printer dispose command */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:206:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printFile[SZ_FNAME+1]; /* disk filename template */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printCmd[SZ_FNAME+1]; /* dispose command */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_FNAME+1]; /* save filename */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char curdir[SZ_FNAME+1]; /* current directory */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char homedir[SZ_FNAME+1]; /* home directory */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.h:240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[SZ_NAME+1]; /* file pattern to match */ data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:121:58: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memmove(a,b,n) void *a; const void *b; size_t n; { bcopy(b,a,n); } data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:124:44: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memmove(a,b,n) void *a, *b; int n; { bcopy(b,a,n); } data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:149:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "xtapemon %d.%d - IRAF Tape Monitor Utility", data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:152:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Welcome to xtapemon %d.%d", data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32],class[32],parent[256]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:328:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:329:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "fcntl failed, errno=%d", errno); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:356:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msg[SZ_MSGBUF]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:358:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char word[SZ_LINE], value[SZ_LINE]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[SZ_LINE], iodev[SZ_FNAME]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:451:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ival = atoi (value); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:452:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (obuf, " %d.%02d Mb", ival / 1000, ((ival%1000) + 5) / 10); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:457:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ival = atoi (value); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:458:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (obuf, " %d.%02d Mb (%02d%%)", data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:464:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ival = atoi (value); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:711:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/zzdebug.c:51:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (msg, "message %d\\n\nfile = %d\n", i, i); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/zzdebug.c:57:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (msg, "record = %d\n", i); data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:147:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obm->debug_objs = (char *) XtCalloc (1, strlen(s)+1); data/x11iraf-2.0+2020.06.15+dfsg/obm/Obm.c:525:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, message, nchars) != nchars) data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Group.c:361:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). y - ((XfwfGroupWidget)self)->xfwfFrame.innerOffset, ((XfwfGroupWidget)self)->xfwfGroup.label, strlen(((XfwfGroupWidget)self)->xfwfGroup.label)); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:268:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dash_list_length = strlen(Dashed); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:274:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dash_list_length = strlen(Dotted); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:280:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dash_list_length = strlen(DashDot); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:286:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dash_list_length = strlen(Dash3Dot); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1013:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mx->drawGC, x, y, text, strlen(text)); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1015:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mx->drawGC, x, y, text, strlen(text)); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1031:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *width = XTextWidth (fp, string, strlen(string)); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1120:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w->gterm.dialogGC, xpos, ypos, text, strlen(text)); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1122:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). w->gterm.dialogGC, xpos, ypos, text, strlen(text)); data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1135:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  *width = XTextWidth (fp, string, strlen(string));
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermGraphics.c:1284:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (cursor_name) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:618:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nchars = strlen (gm->text);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1323:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(gm->text = XtMalloc (strlen((char *)value) + 1)))
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1896:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (isdigit(str[0]) && (int)strlen(str) <= 3) {
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:1905:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen ((char *)value) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2244:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (argv[argc++]=op, "x"); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:2249:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (argv[argc++]=op, "y"); op += SZ_NUMBER;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:3001:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gm->text = (char *) XtMalloc (strlen(w->gterm.gm_TextString)+1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:3127:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w->gterm.gm_drawGC, x, y, line, strlen(line));
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/GtermMarker.c:3130:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w->gterm.gm_drawGC, x, y, line, strlen(line));
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:425:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define FontTextWidth(f,c) (int)XTextWidth(f, c, strlen(c))
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1807:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(string);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:1832:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(string);
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2248:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(dir, "/");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2250:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(dir, "");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/ListTree.c:2254:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dir, "/");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:78:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define FontW(f,s,w) (XfwfTextWidth(f,s,strlen(s), MultiListTabs(w)) + 1)
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:87:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define XtStrlen(s) ((s) ? strlen(s) : 0)
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:90:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define StrCopy(s) strcpy(TypeAlloc(char,strlen(s)+1),s)
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:91:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define StrCopyRetLength(s,lp) strcpy(TypeAlloc(char,(*lp=(strlen(s)+1))),s)
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:1121:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(MultiListItemString(item)),
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:1463:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count = byte_count + strlen(string) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/MultiList.c:1469:16:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (i != 0) strcat(buffer,"\n");
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tabs.c:1553:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lbl, (int)strlen(lbl)) ;
data/x11iraf-2.0+2020.06.15+dfsg/obm/ObmW/Tabs.c:1758:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tab->tabs.width += XTextWidth( font, lbl, (int)strlen(lbl) ) + iw ;
data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:717:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (new->name, userproc, SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1745:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (argc > 1 && (int)strlen(argv[1]) > 0)
data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:1926:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (argc > 1 && (int)strlen(argv[1]) > 0)
data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2474:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp (&encoding[strlen(encoding)-4], "-rle") == 0) {
data/x11iraf-2.0+2020.06.15+dfsg/obm/gterm.c:2749:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp (&encoding[strlen(encoding)-4], "-rle") == 0) {
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:728:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars += strlen (list[i].href) + 4;
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:729:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars += strlen (list[i].role) + 4;
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:788:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars += strlen (list[i]) + 4;
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:982:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (patstr, "");
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1062:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (new->name, userproc, SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1338:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen (fp->attribute_names[i]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/html.c:1339:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen (fp->attribute_values[i]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:167:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen (wn->label);
data/x11iraf-2.0+2020.06.15+dfsg/obm/listres/listres.c:275:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (argv[0]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/marker.c:485:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (new_cb->name, procedure, SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/param.c:250:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pp->len_value = strlen (argv[1]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:298:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (ip, reset, strlen(reset)) == 0) {
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:350:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  resource_buf = op = XtMalloc (strlen(resources) + MAX_RESOURCES);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:774:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (cb->name, argv[1], SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:802:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (cb->name, argv[1], SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1093:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars = sizeof(serverCallback) + strlen(userproc)+1 +
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1094:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (client_data ? strlen(client_data)+1 : 0);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1101:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cb->userproc+strlen(userproc)+1 : NULL;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1221:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars = sizeof(serverCallback) + strlen(userproc)+1 +
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1222:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (client_data ? strlen(client_data)+1 : 0);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1228:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cb->client_data = client_data ? cb->userproc+strlen(userproc)+1 : NULL;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1595:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[5]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1610:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[6]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1954:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[4]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:1972:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[5]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2177:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ip->label = XtMalloc (strlen(Tcl_GetStringResult (tcl)) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2483:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen(s[i]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2566:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old->label = XtRealloc (old->label, strlen(new->label)+1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2568:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old->label = XtMalloc (strlen(new->label) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2578:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old->data = XtRealloc (old->data, strlen(new->data)+1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2580:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old->data = XtMalloc (strlen(new->data) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2589:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nchars = strlen (new->background) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2600:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen(s) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2616:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nchars = strlen (new->foreground) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2627:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen(s) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/server.c:2649:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nchars = strlen (new->accelerator) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:708:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (Tcl_GetStringResult (tcl), invalid, strlen(invalid)) != 0)
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:839:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (new_cb->name, s_proc, SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:925:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (message, " ");
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:959:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = strlen(string)+3 + list->num_selected * 6;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1112:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (message, "{ ", 2);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1123:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (message, "}", 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1150:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (message, "{ ", 2);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1159:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (message, "}", 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1481:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(message = XtMalloc (strlen(s) + 10)))
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1664:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (wp->translation_table_name, name, SZ_NAME);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1860:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[2]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:1872:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wp->text_pos = strlen (argv[2]);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:2380:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  need = strlen(string)+3 + list->num_selected * 6;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3096:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (message, "{ ", 2);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3105:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (message, "}", 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3188:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat (message, "{ ", 2);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3196:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat (message, "}", 1);
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3444:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (value) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3455:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (value) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3543:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[3]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3556:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[3]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3685:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[3]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:3698:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from.size = strlen (argv[3]) + 1;
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:5019:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(name, "*");
data/x11iraf-2.0+2020.06.15+dfsg/obm/widget.c:5022:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(name, "-");
data/x11iraf-2.0+2020.06.15+dfsg/obmsh/obmsh.c:83:30:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (op=message; (ch = getc(stdin)) != EOF; )
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:1647:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bcnt = read (*fd, (char *)(bptr = buffer), BUF_SIZE);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2918:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = s + strlen(s);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:2958:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = s + strlen(s);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3356:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, len = strlen (s), acc = 0, numbers = digits = 0;
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3519:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(val);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/charproc.c:3663:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpname = (char *) malloc (strlen(nfontname) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:549:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  v_write (pty_fd, s_reset, strlen(s_reset));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:816:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars = strlen (strval);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2106:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  v_write (pty_fd, obuf, strlen(obuf));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/gtermio.c:2483:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  v_write (pty_fd, obuf, strlen(obuf));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:907:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col = 8 + strlen(ProgramName);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:909:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = 3 + strlen(opt->opt); /* space [ string ] */
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1039:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttydev = (char *) malloc (strlen (TTYDEV) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1040:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptydev = (char *) malloc (strlen (PTYDEV) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1455:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write (pty, buf, strlen (buf));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1877:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttydev [strlen(ttydev) - 2] = ptydev [strlen(ptydev) - 2] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1877:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttydev [strlen(ttydev) - 2] = ptydev [strlen(ptydev) - 2] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1881:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttydev [strlen(ttydev) - 1] = ptydev [strlen(ptydev) - 1] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:1881:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttydev [strlen(ttydev) - 1] = ptydev [strlen(ptydev) - 1] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2090:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  register size_t len = strlen(var);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2096:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(value) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2104:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  environ[envindex] = (char *) malloc((unsigned) len + strlen(value) + 1);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2119:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(device);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2151:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(leaf);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2532:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(host, DisplayString(screen->display), sizeof host);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2719:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(pc_pipe[0], (char *) &handshake,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2734:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(handshake.buffer) + 1));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:2747:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned) (strlen(ptr) + 1));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3229:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_id, my_utmp_id(ttydev), sizeof(utmp.ut_id));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3248:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_user,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3252:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_id, my_utmp_id(ttydev), sizeof(utmp.ut_id));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3253:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_line,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3257:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(buf, DisplayString(screen->display), sizeof(buf));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3265:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_host, buf, sizeof(utmp.ut_host));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3267:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_name,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3315:14:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_line,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3318:14:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_name, login_name,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3321:14:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_host,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3364:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(lastlog.ll_line,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3368:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(lastlog.ll_host,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3379:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(lastlog.ll_line,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3382:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(lastlog.ll_host,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3443:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(pc_pipe[0], (char *) &handshake,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3512:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(newtc);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3574:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  shname_minus = (char *) malloc(strlen(shname) + 2);
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3575:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  (void) strcpy(shname_minus, "-");
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3578:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ldisc = XStrCmp("csh", shname + strlen(shname) - 3) == 0 ?
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3609:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(cp_pipe[0],
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3830:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptydev[strlen(ptydev) - 2] = ttydev[strlen(ttydev) - 2] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3830:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptydev[strlen(ptydev) - 2] = ttydev[strlen(ttydev) - 2] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3832:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptydev[strlen(ptydev) - 1] = ttydev[strlen(ttydev) - 1] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:3832:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptydev[strlen(ptydev) - 1] = ttydev[strlen(ttydev) - 1] =
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4194:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(pc_pipe[0], (char *) &handshake,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4209:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(handshake.buffer) + 1));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4219:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttydev = realloc (ttydev, (unsigned) (strlen(ptr) + 1));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4520:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_id,ptyname + strlen(ptyname)-PTYCHARLEN,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4520:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) strncpy(utmp.ut_id,ptyname + strlen(ptyname)-PTYCHARLEN,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4532:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(utmp.ut_user,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4536:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy(utmp.ut_id, ptyname + strlen(ptyname)-PTYCHARLEN,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4536:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void)strncpy(utmp.ut_id, ptyname + strlen(ptyname)-PTYCHARLEN,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4538:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy (utmp.ut_line,
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4539:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptyname + strlen("/dev/"), sizeof (utmp.ut_line));
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4542:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(buf, DisplayString(screen->display),
data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4551:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
(void) strncpy(utmp.ut_host, buf, sizeof(utmp.ut_host)); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4553:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(utmp.ut_name, pw->pw_name, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4593:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(utmp.ut_line, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4594:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ttydev + strlen("/dev/"), data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4596:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(utmp.ut_name, pw->pw_name, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4599:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(utmp.ut_host, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4632:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(lastlog.ll_line, ttydev + data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4635:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(lastlog.ll_host, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4691:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
i = read (pc_pipe[0], (char *) &handshake, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4806:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). shname_minus = malloc(strlen(shname) + 2); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4807:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(shname_minus, "-"); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4810:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldisc = XStrCmp("csh", shname + strlen(shname) - 3) == 0 ? data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4838:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(cp_pipe[0], (char *) &handshake, sizeof(handshake)) <= 0) { data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4892:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ttydev = malloc((unsigned) strlen(handshake.buffer) + 1); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4999:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(utmp.ut_id, ptyname + strlen(ptyname) - PTYCHARLEN, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:4999:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(void) strncpy(utmp.ut_id, ptyname + strlen(ptyname) - PTYCHARLEN, data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5043:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(utmp.ut_line, ttydev + data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5105:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (newtc, oldtc, i = ptr1 - oldtc); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5109:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newtc += strlen(newtc); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/main.c:5111:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (newtc, ptr1, i = ptr2 - ptr1); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/menu.c:228:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = label + strlen(label); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:195:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StringInput (screen, *params, strlen(*params)); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:533:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((screen->logfile = malloc((unsigned)strlen(log_default) + 1)) == NULL) data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:572:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (shell = malloc((unsigned) strlen(cp) + 1)) == NULL) data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:714:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((cp = malloc((unsigned)strlen(buf) + 1)) == NULL) data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:831:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpName= XtMalloc(strlen(pOld->names[TEXT_BG])+1); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:881:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newName= XtMalloc(strlen(name)+1); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1020:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). register int len = strlen(var); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1025:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). environ[envindex] = (char *)malloc ((unsigned)len + strlen (value) + 1); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1037:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
environ [envindex] = (char *) malloc ((unsigned)len + strlen (value) + 1); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1051:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int s2len = strlen (s2); data/x11iraf-2.0+2020.06.15+dfsg/xgterm/misc.c:1502:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (gtermio_appname, name, SZ_APPNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:414:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy (psim->label, label, maxlen-1); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1027:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lly + (srows/2) - 8.25*(strlen(psim->label)/2) ); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/eps.c:1031:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llx + (scols/2) - 8.25*(strlen(psim->label)/2), data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:208:6: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. fscanf (fp, "%6s = %c", keyw, &val); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/fitsio.c:504:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(name); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:247:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(version, buf + 3, 3); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/gifio.c:346:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(version, buf + 3, 3); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:351:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addrlen = sizeof(sockaddr) - sizeof(sockaddr.sun_path) + strlen(path); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:367:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (chan->path, path, SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:846:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (2, text, strlen (text)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:865:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (2, text, strlen(text)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:891:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (chan->rf_p->wcsbuf, buf, data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1493:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy (ct->imtitle, "[NO WCS]\n", SZ_IMTITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1500:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ct->imtitle, buf, SZ_IMTITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1563:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (ct->imtitle, "[NO WCS]\n", SZ_IMTITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1569:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ct->imtitle, buf, SZ_IMTITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1594:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (mp->region, "none", SZ_IMTITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1595:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (mp->ref, "none", SZ_IMTITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/iis.c:1664:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (nb = read(fd, ptr, nleft)) < 0) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:277:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (title, title_v1, SZ_V1TITLE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:308:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (title, title_v2, SZ_V2TITLE/2); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:365:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy (temp, ip, SZ_V1PIXFILE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:366:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy (pfile, fname, SZ_V1PIXFILE); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/irafio.c:369:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (pfile); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:129:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy (chan->name, "", SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:130:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (chan->path, path, SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:279:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = read (datain, buf, SZ_ISMBUF); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:294:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(chan->msgbuf); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:316:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
printf ("INCOMPLETE '%s' ip=%d len=%d\n", text,ip,strlen(text)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:351:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new_chan->path, path, SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:352:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new_chan->name, name, SZ_FNAME); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:370:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ism_write (dataout, buf, strlen(buf)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:416:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("SEND: len=%d '%s'->'%.45s'\n", strlen(buf), name, buf); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:546:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). register int len = strlen(command) + 1; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:553:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (buf) + 1; /* +1 to send the NULL */ data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:590:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
addrlen = sizeof(sockaddr) - sizeof(sockaddr.sun_path) + strlen(path); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ism.c:664:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (nb = read(fd, ptr, nleft)) < 0) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:636:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char *) malloc (strlen(entry->d_name) + 2); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:641:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (filelist[*number_entries],"/"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/load.c:688:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (pattern) == 0) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/logo/mkhdr.c:14:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sz = read (fd, buf, NBYTES); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/print.c:323:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (printer_list[i].printerName, " "); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:502:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int readbytes, c, read; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:508:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (read = 0; read < readbytes; read++) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:513:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (fp); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:518:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = getc(fp); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:527:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = getc(fp)) == EOF) data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:536:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read / size); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:603:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c0 = fgetc(fp); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:604:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1 = fgetc(fp); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:605:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c2 = fgetc(fp); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/rasio.c:606:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c3 = fgetc(fp); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1061:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (mp->ref); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1070:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fb->ctran.imtitle); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:1087:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2390:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (xim->imtoolrc, fname, strlen(fname)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2390:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy (xim->imtoolrc, fname, strlen(fname)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2397:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xim->imtoolrc = XtCalloc(strlen(fb_paths[i]+1),sizeof(char)); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2398:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (xim->imtoolrc, fb_paths[i],strlen(fb_paths[i])); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2398:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy (xim->imtoolrc, fb_paths[i],strlen(fb_paths[i])); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/raster.c:2893:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (dp->d_name); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:342:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (frameno, "0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:383:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (buf, "0"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1289:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (buf, ""); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1479:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (strval, " "); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1691:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (strval, " "); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1798:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=strlen(flp->curdir); i > 1; i--) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1809:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (flp->curdir, "/"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1993:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname[strlen(fname)-1] == '/') { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1994:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname[strlen(fname)-1] = '\0'; data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:1998:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (flp->curdir, "/"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2146:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (text, "\n"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2162:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (text, "\n"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximclient.c:2217:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (text, "\n"); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:260:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xim->input_fifo = malloc (strlen(argv[++i])+2); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:261:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xim->output_fifo = malloc (strlen(argv[i])+2); data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:485:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(st) + cpos > 78) { data/x11iraf-2.0+2020.06.15+dfsg/ximtool/ximtool.c:490:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpos = cpos + strlen(st) + 1; data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:374:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
nchars = read (fd, start, maxch); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/xtapemon.c:430:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nleft = strlen (msg); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/zzdebug.c:48:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (s, msg, strlen(msg)); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/zzdebug.c:52:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (s, msg, strlen(msg)); data/x11iraf-2.0+2020.06.15+dfsg/xtapemon/zzdebug.c:58:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (s, msg, strlen(msg)); ANALYSIS SUMMARY: Hits = 1833 Lines analyzed = 119899 in approximately 4.73 seconds (25336 lines/second) Physical Source Lines of Code (SLOC) = 91468 Hits@level = [0] 804 [1] 283 [2] 1035 [3] 45 [4] 457 [5] 13 Hits@level+ = [0+] 2637 [1+] 1833 [2+] 1550 [3+] 515 [4+] 470 [5+] 13 Hits/KSLOC@level+ = [0+] 28.8298 [1+] 20.0398 [2+] 16.9458 [3+] 5.63038 [4+] 5.13841 [5+] 0.142126 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
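Triage note on the level-1 strncpy/strlen hits above. Two distinct strncpy shapes recur in this report: `strncpy(dst, src, sizeof dst)` (the utmp/lastlog fields in xgterm/main.c, `SZ_FNAME`/`SZ_IMTITLE` copies in ximtool), where a source of length >= sizeof dst leaves no NUL in the destination, and `strncpy(dst, src, strlen(src))` (ximtool/raster.c:2390 and :2398), where the count excludes the terminator so it is never copied at all. For utmp/lastlog the unterminated case is the field's documented convention, so the hazard is not the copy itself but any later `strlen()` or `printf("%s")` over such a field, which is what the CWE-126 strlen hits are about. Two other things a reviewer would check before closing these: on raster.c:2397 the `+1` is inside the `strlen` argument (`strlen(fb_paths[i]+1)`), which as printed evaluates to one less than `strlen(fb_paths[i])`, not one more, so confirm the intent against the source; and the rasio.c:502/508/536 `read` hits are name matches on a local variable called `read`, not calls. The following C program, added here and not part of x11iraf or Flawfinder, reproduces both strncpy shapes on constructed inputs, then shows a bounded copy that always terminates and reports truncation, and a reader that walks a fixed-width field without relying on a NUL. `FIELD_LEN`, the sample strings and all function names are assumptions for the demo; the real `ut_host` width is platform-specific.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a fixed-width utmp/lastlog field (ut_host-like).
 * The real width is platform-specific; 8 keeps the demo short. */
#define FIELD_LEN 8

/* True if a NUL appears anywhere in the first n bytes of buf. */
static bool field_is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Shape 1 from the report: strncpy(dst, src, sizeof dst).
 * Returns whether dst ends up NUL-terminated. */
bool strncpy_sizeof_terminates(const char *src)
{
    char dst[FIELD_LEN];
    memset(dst, 'X', sizeof dst);       /* poison so a missing NUL is visible */
    strncpy(dst, src, sizeof dst);
    return field_is_terminated(dst, sizeof dst);
}

/* Shape 2 from the report (raster.c): strncpy(dst, src, strlen(src)).
 * The count excludes the terminator, so it is never copied. */
bool strncpy_strlen_terminates(const char *src)
{
    char dst[64];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, strlen(src));
    return field_is_terminated(dst, sizeof dst);
}

/* Replacement copy: always terminates; returns strlen(src) like strlcpy so
 * the caller detects truncation as (result >= dstsize). */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return n;
    size_t c = n < dstsize - 1 ? n : dstsize - 1;
    memcpy(dst, src, c);
    dst[c] = '\0';
    return n;
}

/* Reading a fixed-width field back: stop at the field's end even when no
 * NUL is present, instead of handing it to strlen()/printf("%s"). */
size_t field_to_cstring(char *out, size_t outsize, const char *field, size_t fieldlen)
{
    const char *nul = memchr(field, '\0', fieldlen);
    size_t n = nul ? (size_t)(nul - field) : fieldlen;
    if (outsize == 0)
        return n;
    size_t c = n < outsize - 1 ? n : outsize - 1;
    memcpy(out, field, c);
    out[c] = '\0';
    return n;
}

/* Harness for bounded_copy: 0 = wrong result, 1 = copied intact,
 * 2 = copied with truncation (but still terminated). */
int bounded_copy_result(const char *src, size_t dstsize, const char *expected)
{
    char dst[64];
    if (dstsize > sizeof dst)
        return 0;
    memset(dst, 'X', sizeof dst);
    size_t n = bounded_copy(dst, dstsize, src);
    if (!field_is_terminated(dst, dstsize) || strcmp(dst, expected) != 0)
        return 0;
    return n >= dstsize ? 2 : 1;
}

/* Harness for the fixed-width case: fill a FIELD_LEN field the way the
 * report's code does, read it back safely, return the recovered length. */
size_t field_readback_len(const char *src)
{
    char field[FIELD_LEN];
    char out[FIELD_LEN + 1];
    memset(field, 'X', sizeof field);
    strncpy(field, src, sizeof field);  /* may leave no NUL in field */
    return field_to_cstring(out, sizeof out, field, sizeof field);
}

int main(void)
{
    const char *samples[] = { "short", "exactly8", "longer than 8" };  /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-14s sizeof-copy terminated: %d  strlen-copy terminated: %d  "
               "safe readback len: %zu\n", samples[i],
               (int)strncpy_sizeof_terminates(samples[i]),
               (int)strncpy_strlen_terminates(samples[i]),
               field_readback_len(samples[i]));
    return 0;
}
```

The `sizeof dst` shape only fails when the source is at least as long as the field, which is why it survives testing with short hostnames and tty names; the `strlen(src)` shape never terminates regardless of input and relies entirely on the destination having been zeroed beforehand (as `XtCalloc` would do, provided the allocation is large enough).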