Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aegean-0.16.0+dfsg/inc/core/AgnAttributeFilterStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnCliquePair.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnCompareReportHTML.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnCompareReportText.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnFilterStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnGaevalVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnGeneStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnInferCDSVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnInferExonsVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnInferParentStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnLocus.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnLocusFilterStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnLocusMapVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnLocusRefineStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnLocusStream.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnMrnaRepVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnPseudogeneFixVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnRemoveChildrenVisitor.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnTranscriptClique.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnTypecheck.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnUnitTest.h
Examining data/aegean-0.16.0+dfsg/inc/core/AgnUtils.h
Examining data/aegean-0.16.0+dfsg/inc/core/aegean.h
Examining data/aegean-0.16.0+dfsg/src/ParsEval/parseval.c
Examining data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.h
Examining data/aegean-0.16.0+dfsg/src/ParsEval/pe_utils.c
Examining data/aegean-0.16.0+dfsg/src/ParsEval/pe_utils.h
Examining data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c
Examining data/aegean-0.16.0+dfsg/src/canon-gff3.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnAttributeFilterStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnCliquePair.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnComparison.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnFilterStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnGaevalVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnGeneStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnInferCDSVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnInferParentStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnLocus.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnLocusFilterStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnLocusMapVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnMrnaRepVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnPseudogeneFixVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnRemoveChildrenVisitor.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnTranscriptClique.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnTypecheck.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnUnitTest.c
Examining data/aegean-0.16.0+dfsg/src/core/AgnUtils.c
Examining data/aegean-0.16.0+dfsg/src/gaeval.c
Examining data/aegean-0.16.0+dfsg/src/locuspocus.c
Examining data/aegean-0.16.0+dfsg/src/pmrna.c
Examining data/aegean-0.16.0+dfsg/src/tidygff3.c
Examining data/aegean-0.16.0+dfsg/src/xtractore.c
Examining data/aegean-0.16.0+dfsg/test/unittests.c

FINAL RESULTS:

data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:161:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "cp %s/pe.filter pe.filter", options->data_path);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:165:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if(system(cmd) != 0)
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:203:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(dircmd, "test -d %s", options->outfilename);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:204:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      if(system(dircmd) == 0)
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:209:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(rmcmd, "rm -r %s", options->outfilename);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:210:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
          if(system(rmcmd) != 0)
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:228:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(filecmd, "test -f %s", options->outfilename);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:229:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      if(system(filecmd) == 0 && !options->overwrite)
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:248:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dircmd, "mkdir %s", options->outfilename);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:249:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if(system(dircmd) != 0)
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:256:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(outname, "%s/index.html", options->outfilename);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:265:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(copy_cmd,"cp -LR %s/* %s", options->data_path, options->outfilename);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:268:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if(system(copy_cmd) != 0)
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:302:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(options->pngdata.filename_template, "%s/%%s/%%s_%%lu-%%lu.png",
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:304:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(options->pngdata.stylefile, "%s/pe.style", options->data_path);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:212:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s/index.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:480:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s/%s/%lu-%lu.html", rpt->outdir, gt_str_get(seqid),
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:720:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s/perfectmatches.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:742:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s/mislabeled.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:765:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s/cdsmatches.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:787:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s/exonmatches.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:809:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s/utrmatches.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:831:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s/nonmatches.html", rpt->outdir);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:969:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(seqfilename, "%s/%s/index.html", rpt->outdir, seqid);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1405:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(seqdircmd, "mkdir %s/%s", rpt->outdir, seqid);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1406:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if(system(seqdircmd))
data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c:331:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(parentstr + strlen(parentstr), ",%s", tid);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:773:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(trackname, "Reference annotations (%s)", metadata->refrfile);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:778:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(trackname, "%s (Reference)", metadata->refrlabel);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:787:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(trackname, "Prediction annotations (%s)", metadata->predfile);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:792:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(trackname, "%s (Prediction)", metadata->predlabel);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:893:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(pngfile, metadata->filename_template, gt_str_get(seqid),
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:724:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(locusname, gt_str_get(stream->nameformat), stream->count);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:780:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(key, "child_%s", *attrkey);
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:524:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(locusname, gt_str_get(stream->nameformat), stream->count);
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:580:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(key, "child_%s", *attrkey);
data/aegean-0.16.0+dfsg/src/core/AgnTranscriptClique.c:195:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    idptr += sprintf(idptr, "%s", gt_feature_node_get_attribute(current, "ID"));
data/aegean-0.16.0+dfsg/src/xtractore.c:354:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(subseqid, "%s_%lu-%lu%c", gt_str_get(seqid), range.start, range.end,
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:47:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  for(opt  = getopt_long(argc, argv, optstr, parseval_options, &optindex);
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:49:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      opt  = getopt_long(argc, argv, optstr, parseval_options, &optindex))
data/aegean-0.16.0+dfsg/src/canon-gff3.c:54:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  for(opt = getopt_long(argc, argv, optstr, init_options, &optindex);
data/aegean-0.16.0+dfsg/src/canon-gff3.c:56:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      opt = getopt_long(argc, argv, optstr, init_options, &optindex))
data/aegean-0.16.0+dfsg/src/gaeval.c:78:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  for(opt  = getopt_long(argc, argv + 0, optstr, gaeval_options, &optindex);
data/aegean-0.16.0+dfsg/src/gaeval.c:80:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      opt  = getopt_long(argc, argv + 0, optstr, gaeval_options, &optindex))
data/aegean-0.16.0+dfsg/src/locuspocus.c:175:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  for( opt = getopt_long(argc, argv + 0, optstr, locuspocus_options, &optindex);
data/aegean-0.16.0+dfsg/src/locuspocus.c:177:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
       opt = getopt_long(argc, argv + 0, optstr, locuspocus_options, &optindex))
data/aegean-0.16.0+dfsg/src/pmrna.c:54:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  for(opt  = getopt_long(argc, argv + 0, optstr, pmrna_options, &optindex);
data/aegean-0.16.0+dfsg/src/pmrna.c:56:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      opt  = getopt_long(argc, argv + 0, optstr, pmrna_options, &optindex))
data/aegean-0.16.0+dfsg/src/xtractore.c:136:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  for(opt = getopt_long(argc, argv + 0, optstr, xtractore_options, &optindex);
data/aegean-0.16.0+dfsg/src/xtractore.c:138:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      opt = getopt_long(argc, argv + 0, optstr, xtractore_options, &optindex))
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    sns[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    sps[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    f1s[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    eds[16];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    mcs[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    ccs[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    sns[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    sps[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    f1s[7];
data/aegean-0.16.0+dfsg/inc/core/AgnComparison.h:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    eds[16];
data/aegean-0.16.0+dfsg/inc/core/AgnLocus.h:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename_template[512];
data/aegean-0.16.0+dfsg/inc/core/AgnLocus.h:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char stylefile[512];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:104:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE *filterfile = fopen(optarg, "r");
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[512];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:202:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char dircmd[1024];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:208:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char rmcmd[1024];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:227:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char filecmd[1024];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dircmd[1024];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outname[1024];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:257:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    options->outfile = fopen(outname, "w");
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char copy_cmd[1024];
data/aegean-0.16.0+dfsg/src/ParsEval/pe_options.c:285:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->outfile = fopen(options->outfilename, "w");
data/aegean-0.16.0+dfsg/src/ParsEval/pe_utils.c:23:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timestr[128];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     seqid[64];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[1024];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:213:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:479:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[1024];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:482:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:719:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:721:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:743:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:764:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:766:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:786:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:788:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:808:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:810:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:830:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:832:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(filename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:854:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sstart[64], send[64], slength[64];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:968:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char seqfilename[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:970:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outstream = fopen(seqfilename, "w");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1319:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rmatchp[32], rnomatchp[32], pmatchr[32], pnomatchr[32];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1322:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rmatchp,   "%.1f%%", (float)stats->correct / (float)refrcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1323:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rnomatchp, "%.1f%%", (float)stats->missing / (float)refrcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1327:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rmatchp,   "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1328:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rnomatchp, "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1332:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pmatchr,   "%.1f%%", (float)stats->correct / (float)predcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1333:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pnomatchr, "%.1f%%", (float)stats->wrong   / (float)predcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1337:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pmatchr,   "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1338:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pnomatchr, "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportHTML.c:1404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char seqdircmd[AGN_MAX_FILENAME_SIZE];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:284:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[128];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:285:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(header, "    .......................................%lu (%.1f%%)\n",
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:561:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:566:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rmatchp[32], rnomatchp[32], pmatchr[32], pnomatchr[32];
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:569:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rmatchp,   "%.1f%%", (float)stats->correct / (float)refrcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:570:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rnomatchp, "%.1f%%", (float)stats->missing / (float)refrcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:574:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rmatchp,   "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:575:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rnomatchp, "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:579:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pmatchr,   "%.1f%%", (float)stats->correct / (float)predcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:580:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pnomatchr, "%.1f%%", (float)stats->wrong   / (float)predcnt * 100);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:584:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pmatchr,   "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:585:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pnomatchr, "--");
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:588:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "    reference .............................%lu\n", refrcnt);
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:598:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "    prediction ............................%lu\n", predcnt);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:189:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sns, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:191:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sns, "%.3lf", stats->sn);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:196:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sps, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:198:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sps, "%.3lf", stats->sp);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:205:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->f1s, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:207:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->f1s, "%.3lf", stats->f1);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:213:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->eds, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:215:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->eds, "%.3lf", stats->ed);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:269:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->mcs, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:271:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->mcs, "%.3lf", stats->mc);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:276:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->ccs, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:278:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->ccs, "%.3lf", stats->cc);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:283:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sns, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:285:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sns, "%.3lf", stats->sn);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:290:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sps, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:292:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->sps, "%.3lf", stats->sp);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:299:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->f1s, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:301:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->f1s, "%.3lf", stats->f1);
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:307:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->eds, "--");
data/aegean-0.16.0+dfsg/src/core/AgnComparison.c:309:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(stats->eds, "%.3lf", stats->ed);
data/aegean-0.16.0+dfsg/src/core/AgnGaevalVisitor.c:538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char covstr[16];
data/aegean-0.16.0+dfsg/src/core/AgnGaevalVisitor.c:539:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(covstr, "%.3lf", coverage);
data/aegean-0.16.0+dfsg/src/core/AgnGaevalVisitor.c:544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char intstr[16];
data/aegean-0.16.0+dfsg/src/core/AgnGaevalVisitor.c:545:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(intstr, "%.3lf", integrity);
data/aegean-0.16.0+dfsg/src/core/AgnGeneStream.c:309:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *log = fopen("/dev/null", "w");
data/aegean-0.16.0+dfsg/src/core/AgnInferCDSVisitor.c:238:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newid[64];
data/aegean-0.16.0+dfsg/src/core/AgnInferCDSVisitor.c:239:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(newid, "CDS%lu", v->cdscounter++);
data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c:329:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char parentstr[1024];
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:460:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    filter.testvalue = atol(valuestr);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:767:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char trackname[512];
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:892:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pngfile[512];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:351:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    origro = atol(rostr);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:438:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lenstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:439:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lenstr, "%lu", gt_range_length(&origrange) - origro);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:464:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char exceptstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:466:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(exceptstr, "complex-overlap-%lu", genenum);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:482:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lenstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:483:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lenstr, "%lu", gt_range_length(&origrange) - origro);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:517:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lenstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:518:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lenstr, "%lu", gt_range_length(&origrange) - origro);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:543:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lenstr1[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:544:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lenstr2[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:545:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lenstr1, "%lu", elen1);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:546:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lenstr2, "%lu", elen2);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:590:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lenstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:591:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lenstr, "%lu", gt_range_length(&origrange) - origro);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:594:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char exceptstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:596:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(exceptstr, "complex-overlap-%lu", genenum);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lenstr[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:669:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ro = atol(rostr);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:670:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lenstr, "%lu", gt_range_length(&rng) - ro);
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locusname[256];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:778:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[128];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:779:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusRefineStream.c:781:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(value, "%lu", *attrvalue);
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:300:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ovrlp[16];
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:301:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(ovrlp, "%lu", overlap);
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:322:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ovrlp[16];
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:323:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(ovrlp, "%lu", overlap);
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:368:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char iilocuslen[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:369:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(iilocuslen, "%lu", gt_range_length(&irange));
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locusname[256];
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:578:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[128];
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[32];
data/aegean-0.16.0+dfsg/src/core/AgnLocusStream.c:581:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(value, "%lu", *attrvalue);
data/aegean-0.16.0+dfsg/src/core/AgnTranscriptClique.c:180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char id[32768];
data/aegean-0.16.0+dfsg/src/core/AgnUtils.c:317:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    int spaces = sprintf(buffer, "%lu", n);
data/aegean-0.16.0+dfsg/src/core/AgnUtils.c:323:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, ",%03lu", n % 1000);
data/aegean-0.16.0+dfsg/src/gaeval.c:83:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      options->params.exp_3putr_len = atoi(optarg);
data/aegean-0.16.0+dfsg/src/gaeval.c:85:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      options->params.exp_5putr_len = atoi(optarg);
data/aegean-0.16.0+dfsg/src/gaeval.c:91:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      options->params.exp_cds_len = atoi(optarg);
data/aegean-0.16.0+dfsg/src/locuspocus.c:215:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->genestream = fopen(optarg, "w");
data/aegean-0.16.0+dfsg/src/locuspocus.c:226:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->ilenfile = fopen(optarg, "w");
data/aegean-0.16.0+dfsg/src/locuspocus.c:289:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->transstream = fopen(optarg, "w");
data/aegean-0.16.0+dfsg/src/pmrna.c:69:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->mapstream = fopen(optarg, "w");
data/aegean-0.16.0+dfsg/src/xtractore.c:151:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->idfile = fopen(optarg, "r");
data/aegean-0.16.0+dfsg/src/xtractore.c:157:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      options->outfile = fopen(optarg, "w");
data/aegean-0.16.0+dfsg/src/xtractore.c:345:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subseqid[1024];
data/aegean-0.16.0+dfsg/src/core/AgnCliquePair.c:338:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(refr_vector) == gt_genome_node_get_length(pair->refr_clique) &&
data/aegean-0.16.0+dfsg/src/core/AgnCliquePair.c:339:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(pred_vector) == gt_genome_node_get_length(pair->refr_clique)
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:287:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(header + 4, label, strlen(label));
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:287:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(header + 4, label, strlen(label));
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:589:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer + 14, units, strlen(units));
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:589:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(buffer + 14, units, strlen(units));
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:599:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer + 15, units, strlen(units));
data/aegean-0.16.0+dfsg/src/core/AgnCompareReportText.c:599:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(buffer + 15, units, strlen(units));
data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c:323:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(tid) > 1023)
data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c:327:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      "characters), will be truncated\n", strlen(tid));
data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c:330:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(parentstr, parentattr, 1023);
data/aegean-0.16.0+dfsg/src/core/AgnInferExonsVisitor.c:331:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sprintf(parentstr + strlen(parentstr), ",%s", tid);
data/aegean-0.16.0+dfsg/src/core/AgnLocus.c:415:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(buffer) == 0 || buffer[0] == '\n' || buffer[0] == '#')
data/aegean-0.16.0+dfsg/src/core/AgnTranscriptClique.c:194:16:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
      idptr += sprintf(idptr, ",");
data/aegean-0.16.0+dfsg/src/core/AgnTranscriptClique.c:539:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  agn_assert(gt_range_length(&locusrange) == strlen(modelvector));
data/aegean-0.16.0+dfsg/src/xtractore.c:264:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(outseqp, (char *)(sequence + region->r.start - 1), rlength);
data/aegean-0.16.0+dfsg/src/xtractore.c:278:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GtUword seqlen = strlen(sequence);

ANALYSIS SUMMARY:

Hits = 213
Lines analyzed = 16157 in approximately 0.49 seconds (32746 lines/second)
Physical Source Lines of Code (SLOC) = 12050
Hits@level = [0] 241 [1]  17 [2] 146 [3]  12 [4]  38 [5]   0
Hits@level+ = [0+] 454 [1+] 213 [2+] 196 [3+]  50 [4+]  38 [5+]   0
Hits/KSLOC@level+ = [0+] 37.6763 [1+] 17.6763 [2+] 16.2656 [3+] 4.14938 [4+] 3.15353 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.