Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xmakemol-5.16/acconfig.h
Examining data/xmakemol-5.16/animate.c
Examining data/xmakemol-5.16/basename.c
Examining data/xmakemol-5.16/bbox.c
Examining data/xmakemol-5.16/crystal.c
Examining data/xmakemol-5.16/draw.c
Examining data/xmakemol-5.16/edit.c
Examining data/xmakemol-5.16/frames.c
Examining data/xmakemol-5.16/gl_funcs.c
Examining data/xmakemol-5.16/menus.c
Examining data/xmakemol-5.16/region.c
Examining data/xmakemol-5.16/rotate.c
Examining data/xmakemol-5.16/sort.c
Examining data/xmakemol-5.16/store.c
Examining data/xmakemol-5.16/track.c
Examining data/xmakemol-5.16/translate.c
Examining data/xmakemol-5.16/utils.c
Examining data/xmakemol-5.16/view.c
Examining data/xmakemol-5.16/gl2ps.c
Examining data/xmakemol-5.16/bbox.h
Examining data/xmakemol-5.16/config.h
Examining data/xmakemol-5.16/draw.h
Examining data/xmakemol-5.16/view.h
Examining data/xmakemol-5.16/bonds.h
Examining data/xmakemol-5.16/defs.h
Examining data/xmakemol-5.16/gl_funcs.h
Examining data/xmakemol-5.16/vectors.h
Examining data/xmakemol-5.16/xm_logo.h
Examining data/xmakemol-5.16/gl2ps.h
Examining data/xmakemol-5.16/control.c
Examining data/xmakemol-5.16/canvas.c
Examining data/xmakemol-5.16/fig.c
Examining data/xmakemol-5.16/file.c
Examining data/xmakemol-5.16/globals.h
Examining data/xmakemol-5.16/help.c
Examining data/xmakemol-5.16/xmakemol.c
Examining data/xmakemol-5.16/vectors.c
FINAL RESULTS:
data/xmakemol-5.16/animate.c:510:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Cannot open %s for write", anim_file_name);
data/xmakemol-5.16/animate.c:543:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "File %s written: %d frame (XYZ)",
data/xmakemol-5.16/animate.c:548:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "File %s written: %d frames (XYZ)",
data/xmakemol-5.16/animate.c:590:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pixmap_file, "%s.%d.xpm", anim_file_name, (i + 1));
data/xmakemol-5.16/animate.c:610:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File %s.1.xpm written",
data/xmakemol-5.16/animate.c:615:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Files %s.1..%d.xpm written",
data/xmakemol-5.16/draw.c:380:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_string, "%s ", atoms[si].label);
data/xmakemol-5.16/draw.c:381:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(label_string, temp_string);
data/xmakemol-5.16/draw.c:391:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(label_string, temp_string);
data/xmakemol-5.16/edit.c:285:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(istring,"Toggle %s atoms",element[i].label);
data/xmakemol-5.16/edit.c:291:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(atom_group[count].label,element[i].label);
data/xmakemol-5.16/edit.c:1073:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(istring,"Toggle %s atoms",element[i].label);
data/xmakemol-5.16/edit.c:1079:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(atom_group[count].label,element[i].label);
data/xmakemol-5.16/edit.c:3338:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(color, "%s", element[i].color);
data/xmakemol-5.16/edit.c:3765:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(element[index].color, color);
data/xmakemol-5.16/edit.c:3843:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, users_home_dir_path);
data/xmakemol-5.16/edit.c:4037:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, getenv("HOME"));
data/xmakemol-5.16/edit.c:4084:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(color, "%s", element[i-1].color);
data/xmakemol-5.16/fig.c:247:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (label, "%s", atoms[si].label);
data/xmakemol-5.16/fig.c:250:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s%s\\001", number, label);
data/xmakemol-5.16/file.c:673:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(current_file_name, file);
data/xmakemol-5.16/file.c:706:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_string, "Cannot open %s for write", file_name);
data/xmakemol-5.16/file.c:751:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy (merge_file_name, file);
data/xmakemol-5.16/file.c:767:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"No file %s",gnu_basename(merge_file_name));
data/xmakemol-5.16/file.c:781:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Cannot open %s",temp_file_name);
data/xmakemol-5.16/file.c:883:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Files merged%s", eof_string);
data/xmakemol-5.16/file.c:928:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_string, "Cannot open %s for write", file_name);
data/xmakemol-5.16/file.c:1021:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p_command, p_name);
data/xmakemol-5.16/file.c:1027:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p_command, copies);
data/xmakemol-5.16/file.c:1033:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p_command, temp_file_name);
data/xmakemol-5.16/file.c:1052:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(p_command);
data/xmakemol-5.16/file.c:1112:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Cannot open directory %s", file_name);
data/xmakemol-5.16/file.c:1131:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "xmakemol: cannot open %s for read", gnu_basename (file_name));
data/xmakemol-5.16/file.c:1210:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (current_frame->comment, buf);
data/xmakemol-5.16/file.c:1225:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (buf, "%s %lf %lf %lf",
data/xmakemol-5.16/file.c:1256:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %lf %lf %lf", prop, &x, &y, &z);
data/xmakemol-5.16/file.c:1278:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %lf %lf %lf %lf %lf %lf",
data/xmakemol-5.16/file.c:1310:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %lf %lf %lf",
data/xmakemol-5.16/file.c:1327:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %d %d %d",
data/xmakemol-5.16/file.c:1345:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %d %lf %lf %lf",
data/xmakemol-5.16/file.c:1358:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %lf %lf %lf",
data/xmakemol-5.16/file.c:1375:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %s", prop, color_name);
data/xmakemol-5.16/file.c:1377:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (current_frame->atom[i].color_name, color_name);
data/xmakemol-5.16/file.c:1393:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (optional, "%s %lf %lf %lf %lf %lf %lf",
data/xmakemol-5.16/file.c:1454:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (current_frame->atom[i].label, atom_label);
data/xmakemol-5.16/file.c:1458:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ucased_label, atom_label);
data/xmakemol-5.16/file.c:1502:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (current_type->label, ucased_label);
data/xmakemol-5.16/file.c:1546:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File %s %s: 1 frame", gnu_basename (file_name), mode);
data/xmakemol-5.16/file.c:1550:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File %s %s: %d frames", gnu_basename (file_name),
data/xmakemol-5.16/file.c:2136:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,
data/xmakemol-5.16/file.c:2142:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "File %s written: %d atoms and 1 frame (XYZ)",
data/xmakemol-5.16/file.c:2227:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File %s written: %d frame (XYZ)",
data/xmakemol-5.16/file.c:2232:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File %s written: %d frames (XYZ)",
data/xmakemol-5.16/file.c:2630:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "File %s written: EPS (colour)", gnu_basename(file_name));
data/xmakemol-5.16/file.c:2634:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "File %s written: EPS (b/w)", gnu_basename(file_name));
data/xmakemol-5.16/file.c:2696:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (aux_file_name, file_name);
data/xmakemol-5.16/file.c:2740:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if (sscanf (buf, "%s = %d", prop, &value))
data/xmakemol-5.16/file.c:2819:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "File %s written: XPM", gnu_basename(file_name));
data/xmakemol-5.16/file.c:2826:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Cannot open %s for write", gnu_basename (file_name));
data/xmakemol-5.16/file.c:3297:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%d %s %lf %s %lf %lf",
data/xmakemol-5.16/file.c:3302:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(element[i].label, label);
data/xmakemol-5.16/file.c:3306:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(element[i].color, color);
data/xmakemol-5.16/file.c:3365:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, getenv("HOME")); /* line used as temp variable here */
data/xmakemol-5.16/file.c:3375:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %lf %s %lf %lf",
data/xmakemol-5.16/file.c:3384:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(element[i].color, color);
data/xmakemol-5.16/file.c:3855:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (atoms[io].label, this_frame->atom[i].label);
data/xmakemol-5.16/file.c:3856:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (atoms[io].uppercase_label, this_frame->atom[i].label);
data/xmakemol-5.16/frames.c:635:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pixmap_file, "%s.%d.xpm", anim_file, (i + 1));
data/xmakemol-5.16/frames.c:655:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File %s.1.xpm written",
data/xmakemol-5.16/frames.c:660:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Files %s.1..%d.xpm written",
data/xmakemol-5.16/frames.c:855:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "Frame %d (%d atoms); comment \"%s\".",
data/xmakemol-5.16/gl2ps.c:314:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/xmakemol-5.16/gl2ps.c:454:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = vsprintf(buf, fmt, args);
data/xmakemol-5.16/gl2ps.c:464:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret = vfprintf(gl2ps->stream, fmt, args);
data/xmakemol-5.16/gl2ps.c:900:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prim->data.text->str, str);
data/xmakemol-5.16/gl2ps.c:902:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prim->data.text->fontname, fontname);
data/xmakemol-5.16/gl2ps.c:917:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text->str, t->str);
data/xmakemol-5.16/gl2ps.c:919:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text->fontname, t->fontname);
data/xmakemol-5.16/gl2ps.c:3224:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(i <= 0) strcpy(name, gl2ps->filename);
data/xmakemol-5.16/gl2ps.c:5677:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gl2ps->title, title);
data/xmakemol-5.16/gl2ps.c:5686:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gl2ps->producer, producer);
data/xmakemol-5.16/gl2ps.c:5695:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gl2ps->filename, filename);
data/xmakemol-5.16/gl_funcs.c:632:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sub_string, "%s ", atoms[i].label);
data/xmakemol-5.16/gl_funcs.c:633:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, sub_string);
data/xmakemol-5.16/gl_funcs.c:643:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, sub_string);
data/xmakemol-5.16/gl_funcs.c:1506:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("/usr/gfx/setmon -n STR_TOP");
data/xmakemol-5.16/help.c:92:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(about_string, ABOUT_MSG, VERSION);
data/xmakemol-5.16/help.c:142:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(doc_string, DOC_MSG);
data/xmakemol-5.16/help.c:192:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(doc_string, MOUSE_MSG);
data/xmakemol-5.16/help.c:245:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bugs_string, BUGS_MSG);
data/xmakemol-5.16/track.c:722:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string,"%2c :%9.4f %9.4f %9.4f %-2s %d",
data/xmakemol-5.16/utils.c:173:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
output = popen("/usr/gfx/gfxinfo 2> /dev/null | grep Hz", "r");
data/xmakemol-5.16/utils.c:185:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, &buf[index]);
data/xmakemol-5.16/utils.c:237:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string);
data/xmakemol-5.16/xmakemol.c:139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (xmakemol_version, VERSION);
data/xmakemol-5.16/xmakemol.c:261:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (version_string,
data/xmakemol-5.16/xmakemol.c:344:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (current_file_name, go_file);
data/xmakemol-5.16/xmakemol.c:391:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bg_color,optarg);
data/xmakemol-5.16/xmakemol.c:394:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bb_color,optarg);
data/xmakemol-5.16/xmakemol.c:401:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (go_file, optarg);
data/xmakemol-5.16/edit.c:3839:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
users_home_dir_path = getenv("HOME");
data/xmakemol-5.16/edit.c:4037:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(temp, getenv("HOME"));
data/xmakemol-5.16/file.c:498:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
printer_name = getenv("LPDEST");
data/xmakemol-5.16/file.c:500:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
printer_name = getenv("PRINTER");
data/xmakemol-5.16/file.c:3228:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
elem_file_name = getenv ("XM_ELEMENTS");
data/xmakemol-5.16/file.c:3365:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(line, getenv("HOME")); /* line used as temp variable here */
data/xmakemol-5.16/gl_funcs.c:1478:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display_env = getenv("DISPLAY");
data/xmakemol-5.16/xmakemol.c:371:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, opt_list)) != EOF)
data/xmakemol-5.16/acconfig.h:263:8: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#undef vfork
data/xmakemol-5.16/animate.c:264:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/xmakemol-5.16/animate.c:314:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Animation: frame %d of %d", i+1, rot_times);
data/xmakemol-5.16/animate.c:340:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Animation: frame %d of %d", i+1, rot_times);
data/xmakemol-5.16/animate.c:500:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/xmakemol-5.16/animate.c:508:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out_file = fopen (anim_file_name, "w")) == NULL)
data/xmakemol-5.16/animate.c:574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], pixmap_file[1024];
data/xmakemol-5.16/control.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[BUFSIZ];
data/xmakemol-5.16/control.c:772:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Atom %d selected",selected_atom+1);
data/xmakemol-5.16/draw.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dash_list[2]; /* So range is 0-255 */
data/xmakemol-5.16/draw.c:373:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label_string, "%d ", si + 1);
data/xmakemol-5.16/draw.c:390:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_string, "%c", labels[i]);
data/xmakemol-5.16/draw.c:409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char axis_lab[2];
data/xmakemol-5.16/edit.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4];
data/xmakemol-5.16/edit.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istring[16];
data/xmakemol-5.16/edit.c:576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[128];
data/xmakemol-5.16/edit.c:582:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "No other frames to propagate visibilities to");
data/xmakemol-5.16/edit.c:598:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Visibilites have been propagated to all frames");
data/xmakemol-5.16/edit.c:602:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string,
data/xmakemol-5.16/edit.c:621:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[128];
data/xmakemol-5.16/edit.c:633:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "There are %d visible atoms", no_visible_atoms);
data/xmakemol-5.16/edit.c:719:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istring[16];
data/xmakemol-5.16/edit.c:1862:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[32];
data/xmakemol-5.16/edit.c:1898:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "Coordinates scaled by %lf", scale_factor);
data/xmakemol-5.16/edit.c:2724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Value_str[10];
data/xmakemol-5.16/edit.c:2840:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.x_min);
data/xmakemol-5.16/edit.c:2858:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.y_min);
data/xmakemol-5.16/edit.c:2877:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.z_min);
data/xmakemol-5.16/edit.c:2908:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.x_max);
data/xmakemol-5.16/edit.c:2926:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.y_max);
data/xmakemol-5.16/edit.c:2945:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.z_max);
data/xmakemol-5.16/edit.c:3128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Value_str[10];
data/xmakemol-5.16/edit.c:3131:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.x_min);
data/xmakemol-5.16/edit.c:3136:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.y_min);
data/xmakemol-5.16/edit.c:3141:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.z_min);
data/xmakemol-5.16/edit.c:3146:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.x_max);
data/xmakemol-5.16/edit.c:3151:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.y_max);
data/xmakemol-5.16/edit.c:3156:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Value_str,"%.2f",bbox_by_hand.z_max);
data/xmakemol-5.16/edit.c:3303:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[20], mass[8], cov_rad[6], vdw_rad[6];
data/xmakemol-5.16/edit.c:3328:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mass, "%7.3f", element[i].mass);
data/xmakemol-5.16/edit.c:3362:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cov_rad, "%5.3f", element[i].cov_rad);
data/xmakemol-5.16/edit.c:3378:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(vdw_rad, "%5.3f", element[i].vdw_rad);
data/xmakemol-5.16/edit.c:3834:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *users_home_dir_path, *user_elements_file_name, temp[80];
data/xmakemol-5.16/edit.c:3845:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
user_elements_file_name = strcat(temp, "/.xmakemol.elements");
data/xmakemol-5.16/edit.c:3846:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file = fopen(user_elements_file_name, "w");
data/xmakemol-5.16/edit.c:3887:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cov_rad[6], vdw_rad[6];
data/xmakemol-5.16/edit.c:3930:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cov_rad, "%5.3f", element[i-1].cov_rad);
data/xmakemol-5.16/edit.c:3932:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(vdw_rad, "%5.3f", element[i-1].vdw_rad);
data/xmakemol-5.16/edit.c:4029:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[20], mass[8], cov_rad[6], vdw_rad[6];
data/xmakemol-5.16/edit.c:4030:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user_elements_file_name, temp[80];
data/xmakemol-5.16/edit.c:4038:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
user_elements_file_name = strcat(temp, "/.xmakemol.elements");
data/xmakemol-5.16/edit.c:4082:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mass, "%7.3f", element[i-1].mass);
data/xmakemol-5.16/edit.c:4086:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cov_rad, "%5.3f", element[i-1].cov_rad);
data/xmakemol-5.16/edit.c:4088:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(vdw_rad, "%5.3f", element[i-1].vdw_rad);
data/xmakemol-5.16/fig.c:67:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen (filename, "w");
data/xmakemol-5.16/fig.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4] = "", number[8] = "", text[12] = "";
data/xmakemol-5.16/fig.c:242:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (number, "%d ", si + 1);
data/xmakemol-5.16/file.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4];
data/xmakemol-5.16/file.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *printer_name, *line_ptr, line[1024], printer_strings[MAX_PRINTERS+1][80],
data/xmakemol-5.16/file.c:456:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
printcap_file = fopen("/etc/printcap", "r");
data/xmakemol-5.16/file.c:494:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(printer_strings[j], "ENDLIST");
data/xmakemol-5.16/file.c:504:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(printer_name, "(no default)");
data/xmakemol-5.16/file.c:583:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(print_command_string, "lpr -P%%printer%% -#%%num_copies%% %%filename%%");
data/xmakemol-5.16/file.c:688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file_name, message_string[1024];
data/xmakemol-5.16/file.c:704:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(fopen(file_name, "w") == NULL)
data/xmakemol-5.16/file.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char merge_file_name[1024], *temp_file_name;
data/xmakemol-5.16/file.c:763:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
merge_file = fopen (merge_file_name, "r");
data/xmakemol-5.16/file.c:775:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (temp_file_name, "/tmp/xmakemol.XXXXXX");
data/xmakemol-5.16/file.c:777:23: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
temp_file = fdopen (mkstemp (temp_file_name), "w");
data/xmakemol-5.16/file.c:825:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (eof_string, " - merge stopped after frame %d", i);
data/xmakemol-5.16/file.c:910:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file_name, message_string[1024];
data/xmakemol-5.16/file.c:926:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(fopen(file_name, "w") == NULL)
data/xmakemol-5.16/file.c:950:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string, *temp_file_name, *p_name, *copies, p_command[1024];
data/xmakemol-5.16/file.c:969:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (temp_file_name, "/tmp/xmakemol.XXXXXX");
data/xmakemol-5.16/file.c:971:22: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
eps_file = fdopen (mkstemp (temp_file_name), "w");
data/xmakemol-5.16/file.c:983:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_copies = atoi(copies);
data/xmakemol-5.16/file.c:994:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if(!(temp_f = fopen(current_file_name, "r")))
data/xmakemol-5.16/file.c:1099:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], atom_label[4], mode[16];
data/xmakemol-5.16/file.c:1120:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file_name, "<STDIN>");
data/xmakemol-5.16/file.c:1121:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (current_file_name, "<STDIN>");
data/xmakemol-5.16/file.c:1126:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen (file_name, "r");
data/xmakemol-5.16/file.c:1371:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color_name[32];
data/xmakemol-5.16/file.c:1537:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (mode, "reverted");
data/xmakemol-5.16/file.c:1541:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (mode, "read");
data/xmakemol-5.16/file.c:1767:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (current_type->label, "DU"); /* Dummy */
data/xmakemol-5.16/file.c:2088:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/xmakemol-5.16/file.c:2094:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file=fopen(file_name,"w");
data/xmakemol-5.16/file.c:2164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/xmakemol-5.16/file.c:2172:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file=fopen(file_name,"w");
data/xmakemol-5.16/file.c:2270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/xmakemol-5.16/file.c:2286:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file = fopen (file_name, "w");
data/xmakemol-5.16/file.c:2652:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
aux_file = fopen (file_name, "w");
data/xmakemol-5.16/file.c:2701:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (sub_string, ".aux");
data/xmakemol-5.16/file.c:2705:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (aux_file_name, ".aux");
data/xmakemol-5.16/file.c:2708:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
aux_file = fopen (aux_file_name, "r");
data/xmakemol-5.16/file.c:2777:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/xmakemol-5.16/file.c:2832:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Error %d: cannot write XPM file", retcode);
data/xmakemol-5.16/file.c:2848:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen (filename, "w");
data/xmakemol-5.16/file.c:3214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024],label[4],color[1024],*line_ptr;
data/xmakemol-5.16/file.c:3237:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
elem_file_name = strcat (elem_file_name, "/elements");
data/xmakemol-5.16/file.c:3238:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
elem_file = fopen (elem_file_name, "r");
data/xmakemol-5.16/file.c:3242:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
elem_file = fopen (elem_file_name, "r");
data/xmakemol-5.16/file.c:3250:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
elem_file = fopen (ELEMENTS, "r");
data/xmakemol-5.16/file.c:3257:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
elem_file = fopen ("elements", "r");
data/xmakemol-5.16/file.c:3356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024],label[4],color[1024];
data/xmakemol-5.16/file.c:3366:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
user_elements_file_name = strcat(line, "/.xmakemol.elements");
data/xmakemol-5.16/file.c:3368:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
user_elements_file = fopen(user_elements_file_name, "r");
data/xmakemol-5.16/file.c:3865:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (atoms[io].label, "DU");
data/xmakemol-5.16/file.c:3866:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (atoms[io].uppercase_label, "DU");
data/xmakemol-5.16/frames.c:271:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[124], *temp_frame_string;
data/xmakemol-5.16/frames.c:295:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Frame %d selected",frame_no+1);
data/xmakemol-5.16/frames.c:599:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *anim_file, pixmap_file[1024];
data/xmakemol-5.16/frames.c:835:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/xmakemol-5.16/frames.c:845:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "No frames loaded");
data/xmakemol-5.16/frames.c:849:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Frame %d (%d atoms); comment \"(empty)\".",
data/xmakemol-5.16/gl2ps.c:451:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000];
data/xmakemol-5.16/gl2ps.c:458:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gl2ps->compress->start+oldsize, buf, ret);
data/xmakemol-5.16/gl2ps.c:475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10] = {'\x1f', '\x8b', /* magic numbers: 0x1f, 0x8b */
data/xmakemol-5.16/gl2ps.c:495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/xmakemol-5.16/gl2ps.c:589:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&list->array[(list->n - 1) * list->size], data, list->size);
data/xmakemol-5.16/gl2ps.c:644:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &list->array[index * list->size], list->size);
data/xmakemol-5.16/gl2ps.c:647:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gl2psEncodeBase64Block(unsigned char in[3], unsigned char out[4], int len)
data/xmakemol-5.16/gl2ps.c:647:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gl2psEncodeBase64Block(unsigned char in[3], unsigned char out[4], int len)
data/xmakemol-5.16/gl2ps.c:660:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buffer, in[3], out[4];
data/xmakemol-5.16/gl2ps.c:665:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, list->array, n * sizeof(unsigned char));
data/xmakemol-5.16/gl2ps.c:789:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->pixels, im->pixels, size);
data/xmakemol-5.16/gl2ps.c:1047:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->verts, p->verts, p->numverts * sizeof(GL2PSvertex));
data/xmakemol-5.16/gl2ps.c:2171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->verts, verts, numverts * sizeof(GL2PSvertex));
data/xmakemol-5.16/gl2ps.c:2384:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(((char*)(node->image->pixels))[i + v]), &(current[2]), sizeoffloat);
data/xmakemol-5.16/gl2ps.c:2386:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(((char*)(node->image->pixels))[i + v]), &(current[2]), vtot - i);
data/xmakemol-5.16/gl2ps.c:2918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/xmakemol-5.16/gl2ps.c:3212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/xmakemol-5.16/gl2ps.c:3227:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "untitled");
data/xmakemol-5.16/gl2ps.c:4841:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gl2psSVGGetColorString(GL2PSrgba rgba, char str[32])
data/xmakemol-5.16/gl2ps.c:4849:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "#%2.2x%2.2x%2.2x", rc, gc, bc);
data/xmakemol-5.16/gl2ps.c:4855:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/xmakemol-5.16/gl2ps.c:4909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/xmakemol-5.16/gl2ps.c:5036:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/xmakemol-5.16/gl2ps.c:5131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/xmakemol-5.16/gl2ps.c:5540:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/xmakemol-5.16/gl2ps.c:5540:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/xmakemol-5.16/gl2ps.c:5657:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gl2ps->colormap, colormap, gl2ps->colorsize * sizeof(GL2PSrgba));
data/xmakemol-5.16/gl2ps.c:5834:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->data.image->pixels, pixels, size * sizeof(GLfloat));
data/xmakemol-5.16/gl2ps.c:5841:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->data.image->pixels, pixels, size * sizeof(GLfloat));
data/xmakemol-5.16/gl2ps.h:161:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/xmakemol-5.16/gl2ps.h:161:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/xmakemol-5.16/gl_funcs.c:454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[16]="", sub_string[8]="", *labels = "ABCD";
data/xmakemol-5.16/gl_funcs.c:625:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%d ", i + 1);
data/xmakemol-5.16/gl_funcs.c:642:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sub_string, "%c ", labels[j]);
data/xmakemol-5.16/globals.h:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4];
data/xmakemol-5.16/globals.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uppercase_label[4];
data/xmakemol-5.16/globals.h:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[20];
data/xmakemol-5.16/globals.h:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4];
data/xmakemol-5.16/globals.h:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[20];
data/xmakemol-5.16/globals.h:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4];
data/xmakemol-5.16/globals.h:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color_name[32];
data/xmakemol-5.16/globals.h:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024];
data/xmakemol-5.16/globals.h:162:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bg_color[30]="lightgray";
data/xmakemol-5.16/globals.h:163:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bb_color[30]="darkgray";
data/xmakemol-5.16/globals.h:164:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sel_color_name[30]="orange";
data/xmakemol-5.16/globals.h:166:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_file_name[1024] = ""; /* aro */
data/xmakemol-5.16/globals.h:249:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bg_color[30];
data/xmakemol-5.16/globals.h:250:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bb_color[30];
data/xmakemol-5.16/globals.h:251:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sel_color_name[30];
data/xmakemol-5.16/globals.h:253:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char current_file_name[1024]; /* aro */
data/xmakemol-5.16/menus.c:44:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
XmString file,open,revert,save,merge,export,print,quit;/* aro */ /* 0th menu */
data/xmakemol-5.16/menus.c:108:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
XmVaPUSHBUTTON, open, 'O', "Ctrl<Key>O", accel1,
data/xmakemol-5.16/menus.c:120:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
XmStringFree(open);
data/xmakemol-5.16/track.c:189:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mouse_translation = (enum mouse_translations) atoi (args[0]);
data/xmakemol-5.16/track.c:373:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[64];
data/xmakemol-5.16/track.c:385:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "Atom %d selected: x = %9.4f, y = %9.4f, z = %9.4f",
data/xmakemol-5.16/track.c:709:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[100];
data/xmakemol-5.16/track.c:726:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"%2c : ",
data/xmakemol-5.16/track.c:744:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"%c-%c : %10.4f",labels[i],labels[j],distance);
data/xmakemol-5.16/track.c:748:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"%c-%c : ",labels[i],labels[j]);
data/xmakemol-5.16/track.c:766:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string," %c-%c-%c : %10.4f",
data/xmakemol-5.16/track.c:769:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string," %c-%c-%c : ",
data/xmakemol-5.16/track.c:787:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "A-B-C-D : %10.4f",torsion);
data/xmakemol-5.16/track.c:789:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "A-B-C-D : ");
data/xmakemol-5.16/utils.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "";
data/xmakemol-5.16/utils.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refresh_rate[10];
data/xmakemol-5.16/utils.c:216:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rounded_refresh = atoi(refresh_rate) + 1;
data/xmakemol-5.16/utils.c:218:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rounded_refresh = atoi(refresh_rate);
data/xmakemol-5.16/utils.c:221:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rounded_refresh = atoi(refresh_rate);
data/xmakemol-5.16/utils.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[40];
data/xmakemol-5.16/utils.c:235:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "/usr/gfx/setmon -n %d", freq);
data/xmakemol-5.16/view.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[128];
data/xmakemol-5.16/view.c:79:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "Switching on bonds (%d)", get_no_bonds ());
data/xmakemol-5.16/view.c:89:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "Switching on H-bonds (%d)", get_no_hbonds ());
data/xmakemol-5.16/xmakemol.c:56:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char go_file[1024];
data/xmakemol-5.16/xmakemol.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xmakemol_version[6];
data/xmakemol-5.16/xmakemol.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_string[128];
data/xmakemol-5.16/xmakemol.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_list[16];
data/xmakemol-5.16/xmakemol.c:366:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (opt_list, "abhc:e:f:Guv"); /* extra -G option */
data/xmakemol-5.16/xmakemol.c:368:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (opt_list, "abhc:e:f:uv");
data/xmakemol-5.16/xmakemol.c:406:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (go_file, "<STDIN>");
data/xmakemol-5.16/xmakemol.c:484:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[100];
data/xmakemol-5.16/xmakemol.c:522:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Resized to %d x %d",(int)canvas_width,(int)canvas_height);
data/xmakemol-5.16/control.c:758:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (selected_atom_str) == 0) ||
data/xmakemol-5.16/draw.c:369:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(label_string, ""); /* Initialize */
data/xmakemol-5.16/draw.c:401:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(label_string));
data/xmakemol-5.16/draw.c:428:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(axis_lab,"X");
data/xmakemol-5.16/draw.c:434:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(axis_lab));
data/xmakemol-5.16/draw.c:442:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(axis_lab,"Y");
data/xmakemol-5.16/draw.c:448:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(axis_lab));
data/xmakemol-5.16/draw.c:456:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(axis_lab,"Z");
data/xmakemol-5.16/draw.c:462:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(axis_lab));
data/xmakemol-5.16/edit.c:1867:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (scale_factor_string) == 0) ||
data/xmakemol-5.16/edit.c:3305:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (element[i].label) > 0)
data/xmakemol-5.16/edit.c:3335:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XmNcolumns, strlen(mass),
data/xmakemol-5.16/edit.c:3369:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XmNcolumns, strlen(cov_rad),
data/xmakemol-5.16/edit.c:3385:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XmNcolumns, strlen(vdw_rad),
data/xmakemol-5.16/fig.c:252:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (text) > 0)
data/xmakemol-5.16/file.c:1022:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(p_name);
data/xmakemol-5.16/file.c:1023:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(printer_str) - 1;
data/xmakemol-5.16/file.c:1028:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(copies);
data/xmakemol-5.16/file.c:1029:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(numcopies_str) - 1;
data/xmakemol-5.16/file.c:1034:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(temp_file_name);
data/xmakemol-5.16/file.c:1035:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(filename_str) - 1;
data/xmakemol-5.16/file.c:1209:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen (buf) - 1] = '\0';
data/xmakemol-5.16/file.c:2281:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (file_name) == 0)
data/xmakemol-5.16/file.c:3438:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (label); i++)
data/xmakemol-5.16/frames.c:276:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (temp_frame_string) == 0) ||
data/xmakemol-5.16/frames.c:370:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000*(frame_speed - 1));
data/xmakemol-5.16/frames.c:485:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200000*(frame_speed));
data/xmakemol-5.16/frames.c:490:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200000*(frame_speed));
data/xmakemol-5.16/frames.c:535:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000*(frame_speed-1));
data/xmakemol-5.16/frames.c:847:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(this_frame->comment) == 0)
data/xmakemol-5.16/gl2ps.c:899:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prim->data.text->str = (char*)gl2psMalloc((strlen(str)+1)*sizeof(char));
data/xmakemol-5.16/gl2ps.c:901:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prim->data.text->fontname = (char*)gl2psMalloc((strlen(fontname)+1)*sizeof(char));
data/xmakemol-5.16/gl2ps.c:916:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text->str = (char*)gl2psMalloc((strlen(t->str)+1)*sizeof(char));
data/xmakemol-5.16/gl2ps.c:918:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text->fontname = (char*)gl2psMalloc((strlen(t->fontname)+1)*sizeof(char));
data/xmakemol-5.16/gl2ps.c:3216:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(gl2ps->filename && strlen(gl2ps->filename) < 256){
data/xmakemol-5.16/gl2ps.c:3217:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(gl2ps->filename)-1; i >= 0; i--){
data/xmakemol-5.16/gl2ps.c:3219:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, gl2ps->filename, i);
data/xmakemol-5.16/gl2ps.c:4428:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? strlen("/TrSh sh\n") + (int)log10((double)childobj)+1
data/xmakemol-5.16/gl2ps.c:4429:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: strlen("/TrSh0 sh\n");
data/xmakemol-5.16/gl2ps.c:5676:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gl2ps->title = (char*)gl2psMalloc((strlen(title)+1)*sizeof(char));
data/xmakemol-5.16/gl2ps.c:5685:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gl2ps->producer = (char*)gl2psMalloc((strlen(producer)+1)*sizeof(char));
data/xmakemol-5.16/gl2ps.c:5694:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gl2ps->filename = (char*)gl2psMalloc((strlen(filename)+1)*sizeof(char));
data/xmakemol-5.16/gl_funcs.c:647:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (string) > 0)
data/xmakemol-5.16/gl_funcs.c:652:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen (string); j++)
data/xmakemol-5.16/utils.c:189:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) != 0)
data/xmakemol-5.16/utils.c:202:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(refresh_rate, &p[index], abs(index));
ANALYSIS SUMMARY:
Hits = 352
Lines analyzed = 27708 in approximately 0.85 seconds (32721 lines/second)
Physical Source Lines of Code (SLOC) = 19103
Hits@level = [0] 250 [1] 46 [2] 198 [3] 8 [4] 100 [5] 0
Hits@level+ = [0+] 602 [1+] 352 [2+] 306 [3+] 108 [4+] 100 [5+] 0
Hits/KSLOC@level+ = [0+] 31.5134 [1+] 18.4264 [2+] 16.0184 [3+] 5.65356 [4+] 5.23478 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.