Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bandage-0.8.1/blast/blasthit.cpp
Examining data/bandage-0.8.1/blast/blasthit.h
Examining data/bandage-0.8.1/blast/blasthitpart.h
Examining data/bandage-0.8.1/blast/blastqueries.cpp
Examining data/bandage-0.8.1/blast/blastqueries.h
Examining data/bandage-0.8.1/blast/blastquery.cpp
Examining data/bandage-0.8.1/blast/blastquery.h
Examining data/bandage-0.8.1/blast/blastquerypath.cpp
Examining data/bandage-0.8.1/blast/blastquerypath.h
Examining data/bandage-0.8.1/blast/blastsearch.cpp
Examining data/bandage-0.8.1/blast/blastsearch.h
Examining data/bandage-0.8.1/blast/buildblastdatabaseworker.cpp
Examining data/bandage-0.8.1/blast/buildblastdatabaseworker.h
Examining data/bandage-0.8.1/blast/runblastsearchworker.cpp
Examining data/bandage-0.8.1/blast/runblastsearchworker.h
Examining data/bandage-0.8.1/command_line/commoncommandlinefunctions.cpp
Examining data/bandage-0.8.1/command_line/commoncommandlinefunctions.h
Examining data/bandage-0.8.1/command_line/image.cpp
Examining data/bandage-0.8.1/command_line/image.h
Examining data/bandage-0.8.1/command_line/info.cpp
Examining data/bandage-0.8.1/command_line/info.h
Examining data/bandage-0.8.1/command_line/load.cpp
Examining data/bandage-0.8.1/command_line/load.h
Examining data/bandage-0.8.1/command_line/querypaths.cpp
Examining data/bandage-0.8.1/command_line/querypaths.h
Examining data/bandage-0.8.1/command_line/reduce.cpp
Examining data/bandage-0.8.1/command_line/reduce.h
Examining data/bandage-0.8.1/graph/assemblygraph.cpp
Examining data/bandage-0.8.1/graph/assemblygraph.h
Examining data/bandage-0.8.1/graph/debruijnedge.cpp
Examining data/bandage-0.8.1/graph/debruijnedge.h
Examining data/bandage-0.8.1/graph/debruijnnode.cpp
Examining data/bandage-0.8.1/graph/debruijnnode.h
Examining data/bandage-0.8.1/graph/graphicsitemedge.cpp
Examining data/bandage-0.8.1/graph/graphicsitemedge.h
Examining data/bandage-0.8.1/graph/graphicsitemnode.cpp
Examining data/bandage-0.8.1/graph/graphicsitemnode.h
Examining data/bandage-0.8.1/graph/graphlocation.cpp
Examining data/bandage-0.8.1/graph/graphlocation.h
Examining data/bandage-0.8.1/graph/ogdfnode.h
Examining data/bandage-0.8.1/graph/path.cpp
Examining data/bandage-0.8.1/graph/path.h
Examining data/bandage-0.8.1/graph/querydistance.h
Examining data/bandage-0.8.1/ogdf/basic/AdjEntryArray.h
Examining data/bandage-0.8.1/ogdf/basic/Array.h
Examining data/bandage-0.8.1/ogdf/basic/Array2D.h
Examining data/bandage-0.8.1/ogdf/basic/BoundedStack.h
Examining data/bandage-0.8.1/ogdf/basic/CombinatorialEmbedding.cpp
Examining data/bandage-0.8.1/ogdf/basic/CombinatorialEmbedding.h
Examining data/bandage-0.8.1/ogdf/basic/Constraint.cpp
Examining data/bandage-0.8.1/ogdf/basic/Constraints.h
Examining data/bandage-0.8.1/ogdf/basic/CriticalSection.h
Examining data/bandage-0.8.1/ogdf/basic/EdgeArray.h
Examining data/bandage-0.8.1/ogdf/basic/FaceArray.h
Examining data/bandage-0.8.1/ogdf/basic/FaceSet.h
Examining data/bandage-0.8.1/ogdf/basic/Graph.cpp
Examining data/bandage-0.8.1/ogdf/basic/Graph.h
Examining data/bandage-0.8.1/ogdf/basic/GraphAttributes.cpp
Examining data/bandage-0.8.1/ogdf/basic/GraphAttributes.h
Examining data/bandage-0.8.1/ogdf/basic/GraphCopy.cpp
Examining data/bandage-0.8.1/ogdf/basic/GraphCopy.h
Examining data/bandage-0.8.1/ogdf/basic/GraphObserver.h
Examining data/bandage-0.8.1/ogdf/basic/Graph_d.h
Examining data/bandage-0.8.1/ogdf/basic/HashArray.h
Examining data/bandage-0.8.1/ogdf/basic/Hashing.cpp
Examining data/bandage-0.8.1/ogdf/basic/Hashing.h
Examining data/bandage-0.8.1/ogdf/basic/List.h
Examining data/bandage-0.8.1/ogdf/basic/Math.cpp
Examining data/bandage-0.8.1/ogdf/basic/Math.h
Examining data/bandage-0.8.1/ogdf/basic/NodeArray.h
Examining data/bandage-0.8.1/ogdf/basic/SList.h
Examining data/bandage-0.8.1/ogdf/basic/Stack.h
Examining data/bandage-0.8.1/ogdf/basic/String.cpp
Examining data/bandage-0.8.1/ogdf/basic/String.h
Examining data/bandage-0.8.1/ogdf/basic/System.cpp
Examining data/bandage-0.8.1/ogdf/basic/System.h
Examining data/bandage-0.8.1/ogdf/basic/basic.cpp
Examining data/bandage-0.8.1/ogdf/basic/basic.h
Examining data/bandage-0.8.1/ogdf/basic/comparer.h
Examining data/bandage-0.8.1/ogdf/basic/exceptions.h
Examining data/bandage-0.8.1/ogdf/basic/geometry.cpp
Examining data/bandage-0.8.1/ogdf/basic/geometry.h
Examining data/bandage-0.8.1/ogdf/basic/memory.h
Examining data/bandage-0.8.1/ogdf/basic/simple_graph_alg.cpp
Examining data/bandage-0.8.1/ogdf/basic/simple_graph_alg.h
Examining data/bandage-0.8.1/ogdf/basic/tuples.h
Examining data/bandage-0.8.1/ogdf/cluster/ClusterArray.h
Examining data/bandage-0.8.1/ogdf/cluster/ClusterGraph.cpp
Examining data/bandage-0.8.1/ogdf/cluster/ClusterGraph.h
Examining data/bandage-0.8.1/ogdf/cluster/ClusterGraphAttributes.cpp
Examining data/bandage-0.8.1/ogdf/cluster/ClusterGraphAttributes.h
Examining data/bandage-0.8.1/ogdf/cluster/ClusterGraphObserver.h
Examining data/bandage-0.8.1/ogdf/energybased/Edge.h
Examining data/bandage-0.8.1/ogdf/energybased/FMMMLayout.cpp
Examining data/bandage-0.8.1/ogdf/energybased/FMMMLayout.h
Examining data/bandage-0.8.1/ogdf/energybased/MAARPacking.cpp
Examining data/bandage-0.8.1/ogdf/energybased/MAARPacking.h
Examining data/bandage-0.8.1/ogdf/energybased/Multilevel.cpp
Examining data/bandage-0.8.1/ogdf/energybased/Multilevel.h
Examining data/bandage-0.8.1/ogdf/energybased/Node.h
Examining data/bandage-0.8.1/ogdf/energybased/PQueue.h
Examining data/bandage-0.8.1/ogdf/energybased/PackingRowInfo.h
Examining data/bandage-0.8.1/ogdf/energybased/Rectangle.h
Examining data/bandage-0.8.1/ogdf/energybased/Set.cpp
Examining data/bandage-0.8.1/ogdf/energybased/Set.h
Examining data/bandage-0.8.1/ogdf/energybased/numexcept.cpp
Examining data/bandage-0.8.1/ogdf/energybased/numexcept.h
Examining data/bandage-0.8.1/ogdf/fileformats/DinoLineBuffer.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/DinoLineBuffer.h
Examining data/bandage-0.8.1/ogdf/fileformats/DinoTools.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/DinoTools.h
Examining data/bandage-0.8.1/ogdf/fileformats/DinoXmlParser.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/DinoXmlParser.h
Examining data/bandage-0.8.1/ogdf/fileformats/DinoXmlScanner.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/DinoXmlScanner.h
Examining data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/GmlParser.h
Examining data/bandage-0.8.1/ogdf/fileformats/Ogml.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/Ogml.h
Examining data/bandage-0.8.1/ogdf/fileformats/OgmlParser.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/OgmlParser.h
Examining data/bandage-0.8.1/ogdf/fileformats/XmlObject.h
Examining data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp
Examining data/bandage-0.8.1/ogdf/fileformats/XmlParser.h
Examining data/bandage-0.8.1/ogdf/internal/basic/MallocMemoryAllocator.h
Examining data/bandage-0.8.1/ogdf/internal/basic/PoolMemoryAllocator.cpp
Examining data/bandage-0.8.1/ogdf/internal/basic/PoolMemoryAllocator.h
Examining data/bandage-0.8.1/ogdf/internal/basic/list_templates.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/EdgeAttributes.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/EdgeAttributes.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/FruchtermanReingold.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/FruchtermanReingold.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/MultilevelGraph.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/MultilevelGraph.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/NMM.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/NMM.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/NodeAttributes.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/NodeAttributes.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/ParticleInfo.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/QuadTreeNM.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/QuadTreeNM.h
Examining data/bandage-0.8.1/ogdf/internal/energybased/QuadTreeNodeNM.cpp
Examining data/bandage-0.8.1/ogdf/internal/energybased/QuadTreeNodeNM.h
Examining data/bandage-0.8.1/ogdf/module/LayoutModule.h
Examining data/bandage-0.8.1/program/globals.cpp
Examining data/bandage-0.8.1/program/globals.h
Examining data/bandage-0.8.1/program/graphlayoutworker.cpp
Examining data/bandage-0.8.1/program/graphlayoutworker.h
Examining data/bandage-0.8.1/program/main.cpp
Examining data/bandage-0.8.1/program/memory.cpp
Examining data/bandage-0.8.1/program/memory.h
Examining data/bandage-0.8.1/program/scinot.cpp
Examining data/bandage-0.8.1/program/scinot.h
Examining data/bandage-0.8.1/program/settings.cpp
Examining data/bandage-0.8.1/program/settings.h
Examining data/bandage-0.8.1/tests/bandagetests.cpp
Examining data/bandage-0.8.1/ui/aboutdialog.cpp
Examining data/bandage-0.8.1/ui/aboutdialog.h
Examining data/bandage-0.8.1/ui/blasthitfiltersdialog.cpp
Examining data/bandage-0.8.1/ui/blasthitfiltersdialog.h
Examining data/bandage-0.8.1/ui/blastsearchdialog.cpp
Examining data/bandage-0.8.1/ui/blastsearchdialog.h
Examining data/bandage-0.8.1/ui/changenodedepthdialog.cpp
Examining data/bandage-0.8.1/ui/changenodedepthdialog.h
Examining data/bandage-0.8.1/ui/changenodenamedialog.cpp
Examining data/bandage-0.8.1/ui/changenodenamedialog.h
Examining data/bandage-0.8.1/ui/colourbutton.cpp
Examining data/bandage-0.8.1/ui/colourbutton.h
Examining data/bandage-0.8.1/ui/enteroneblastquerydialog.cpp
Examining data/bandage-0.8.1/ui/enteroneblastquerydialog.h
Examining data/bandage-0.8.1/ui/graphicsviewzoom.cpp
Examining data/bandage-0.8.1/ui/graphicsviewzoom.h
Examining data/bandage-0.8.1/ui/graphinfodialog.cpp
Examining data/bandage-0.8.1/ui/graphinfodialog.h
Examining data/bandage-0.8.1/ui/infotextwidget.cpp
Examining data/bandage-0.8.1/ui/infotextwidget.h
Examining data/bandage-0.8.1/ui/mainwindow.cpp
Examining data/bandage-0.8.1/ui/mainwindow.h
Examining data/bandage-0.8.1/ui/mygraphicsscene.cpp
Examining data/bandage-0.8.1/ui/mygraphicsscene.h
Examining data/bandage-0.8.1/ui/mygraphicsview.cpp
Examining data/bandage-0.8.1/ui/mygraphicsview.h
Examining data/bandage-0.8.1/ui/myprogressdialog.cpp
Examining data/bandage-0.8.1/ui/myprogressdialog.h
Examining data/bandage-0.8.1/ui/mytablewidget.cpp
Examining data/bandage-0.8.1/ui/mytablewidget.h
Examining data/bandage-0.8.1/ui/nodewidthvisualaid.cpp
Examining data/bandage-0.8.1/ui/nodewidthvisualaid.h
Examining data/bandage-0.8.1/ui/pathspecifydialog.cpp
Examining data/bandage-0.8.1/ui/pathspecifydialog.h
Examining data/bandage-0.8.1/ui/querypathsdialog.cpp
Examining data/bandage-0.8.1/ui/querypathsdialog.h
Examining data/bandage-0.8.1/ui/querypathsequencecopybutton.cpp
Examining data/bandage-0.8.1/ui/querypathsequencecopybutton.h
Examining data/bandage-0.8.1/ui/querypathspushbutton.cpp
Examining data/bandage-0.8.1/ui/querypathspushbutton.h
Examining data/bandage-0.8.1/ui/settingsdialog.cpp
Examining data/bandage-0.8.1/ui/settingsdialog.h
Examining data/bandage-0.8.1/ui/tablewidgetitemdouble.cpp
Examining data/bandage-0.8.1/ui/tablewidgetitemdouble.h
Examining data/bandage-0.8.1/ui/tablewidgetitemint.cpp
Examining data/bandage-0.8.1/ui/tablewidgetitemint.h
Examining data/bandage-0.8.1/ui/tablewidgetitemname.cpp
Examining data/bandage-0.8.1/ui/tablewidgetitemname.h
Examining data/bandage-0.8.1/ui/tablewidgetitemshown.cpp
Examining data/bandage-0.8.1/ui/tablewidgetitemshown.h
Examining data/bandage-0.8.1/ui/verticallabel.cpp
Examining data/bandage-0.8.1/ui/verticallabel.h
Examining data/bandage-0.8.1/ui/verticalscrollarea.cpp
Examining data/bandage-0.8.1/ui/verticalscrollarea.h

FINAL RESULTS:
data/bandage-0.8.1/ogdf/basic/String.cpp:84:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar,m_length+1,str);
data/bandage-0.8.1/ogdf/basic/String.cpp:118:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar,m_length+1,str.m_pChar);
data/bandage-0.8.1/ogdf/basic/String.cpp:138:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar,m_length+1,str.m_pChar);
data/bandage-0.8.1/ogdf/basic/String.cpp:152:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar,m_length+1,str);
data/bandage-0.8.1/ogdf/basic/String.cpp:170:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar,m_length+1,pOldChar);
data/bandage-0.8.1/ogdf/basic/String.cpp:171:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar+oldLength,m_length+1-oldLength,str.m_pChar);
data/bandage-0.8.1/ogdf/basic/String.cpp:179:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  void String::sprintf(const char *format, ...)
data/bandage-0.8.1/ogdf/basic/String.cpp:186:19:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  m_length = ogdf::vsprintf(s_pBuffer,OGDF_STRING_BUFFER_SIZE,format,argList);
data/bandage-0.8.1/ogdf/basic/String.cpp:190:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_pChar,m_length+1,s_pBuffer);
data/bandage-0.8.1/ogdf/basic/String.h:206:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  void sprintf(const char *format, ...);
data/bandage-0.8.1/ogdf/basic/System.cpp:332:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(filename, 32, "/proc/%d/statm", pid);
data/bandage-0.8.1/ogdf/basic/basic.cpp:207:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filePattern.sprintf("%s\\%s", dirName, pattern);
data/bandage-0.8.1/ogdf/basic/basic.cpp:275:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  fullName.sprintf("%s/%s", dirName, fname);
data/bandage-0.8.1/ogdf/basic/basic.h:538:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  inline int sprintf(char *buffer, size_t sizeOfBuffer, const char *format, ...)
data/bandage-0.8.1/ogdf/basic/basic.h:546:12:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  inline int vsprintf(char *buffer, size_t sizeInBytes, const char *format, va_list argptr)
data/bandage-0.8.1/ogdf/basic/basic.h:551:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  inline int strcat(char *strDest, size_t sizeOfDest, const char *strSource)
data/bandage-0.8.1/ogdf/basic/basic.h:556:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  inline int strcpy(char *strDest, size_t sizeOfDest, const char *strSource)
data/bandage-0.8.1/ogdf/basic/basic.h:573:9:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define scanf scanf_s
data/bandage-0.8.1/ogdf/basic/basic.h:574:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define fscanf fscanf_s
data/bandage-0.8.1/ogdf/basic/basic.h:575:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define sscanf sscanf_s
data/bandage-0.8.1/ogdf/basic/basic.h:591:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  inline int sprintf(char *buffer, size_t, const char *format, ...)
data/bandage-0.8.1/ogdf/basic/basic.h:596:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return ::vsprintf(buffer, format, args);
data/bandage-0.8.1/ogdf/basic/basic.h:600:12:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  inline int vsprintf(char *buffer, size_t, const char *format, va_list argptr)
data/bandage-0.8.1/ogdf/basic/basic.h:602:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return ::vsprintf(buffer, format, argptr);
data/bandage-0.8.1/ogdf/basic/basic.h:606:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  inline int strcat(char *strDest, size_t, const char *strSource)
data/bandage-0.8.1/ogdf/basic/basic.h:608:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  ::strcat(strDest, strSource);
data/bandage-0.8.1/ogdf/basic/basic.h:612:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  inline int strcpy(char *strDest, size_t, const char *strSource)
data/bandage-0.8.1/ogdf/basic/basic.h:614:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ::strcpy(strDest, strSource);
data/bandage-0.8.1/ogdf/cluster/ClusterGraph.cpp:1702:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ogdf::sprintf(newLabel,124,"C%d",c->index());
data/bandage-0.8.1/ogdf/fileformats/DinoLineBuffer.cpp:351:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(targetString, DinoLineBuffer::c_maxStringLength, "String too long!");
data/bandage-0.8.1/ogdf/fileformats/DinoLineBuffer.cpp:379:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(targetString, DinoLineBuffer::c_maxStringLength, "String too long!");
data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:189:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(pChar,len,m_stringSymbol);
data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:168:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(newObjectBodyName,len,m_keyName);
data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:182:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(pChar,len,m_stringSymbol);
data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:208:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(pChar,len,m_stringSymbol);
data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:536:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(m_keyName,len,pStart);
data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:640:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(idMap[idCount++],len,nodeSon->m_stringValue);
data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:650:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ogdf::strcpy(typeName[typeCount],len,nodeSon->m_stringValue);
data/bandage-0.8.1/ogdf/basic/CriticalSection.h:78:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&m_cs);
data/bandage-0.8.1/ogdf/basic/CriticalSection.h:98:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&m_cs);
data/bandage-0.8.1/ogdf/energybased/FMMMLayout.cpp:1183:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int)time(0));
data/bandage-0.8.1/ogdf/energybased/FMMMLayout.cpp:1185:13:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(clock());
data/bandage-0.8.1/ogdf/energybased/Multilevel.cpp:69:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(rand_seed);
data/bandage-0.8.1/ogdf/energybased/Set.cpp:64:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(rand_seed);
data/bandage-0.8.1/ui/mainwindow.cpp:82:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/bandage-0.8.1/blast/blastqueries.cpp:144:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file->open(QIODevice::Append | QIODevice::Text);
data/bandage-0.8.1/blast/buildblastdatabaseworker.cpp:40:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/command_line/querypaths.cpp:137:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tableFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/command_line/querypaths.cpp:227:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pathsFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/command_line/querypaths.cpp:240:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hitsFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/graph/assemblygraph.cpp:471:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (inputFile.open(QIODevice::ReadOnly))
data/bandage-0.8.1/graph/assemblygraph.cpp:575:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (inputFile.open(QIODevice::ReadOnly)) {
data/bandage-0.8.1/graph/assemblygraph.cpp:818:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (readToTigFile.open(QIODevice::ReadOnly)) {
data/bandage-0.8.1/graph/assemblygraph.cpp:937:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (inputFile.open(QIODevice::ReadOnly))
data/bandage-0.8.1/graph/assemblygraph.cpp:1257:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (inputFile.open(QIODevice::ReadOnly))
data/bandage-0.8.1/graph/assemblygraph.cpp:1524:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (inputFile.open(QIODevice::ReadOnly))
data/bandage-0.8.1/graph/assemblygraph.cpp:1577:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!inputFile.open(QIODevice::ReadOnly))
data/bandage-0.8.1/graph/assemblygraph.cpp:2367:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (inputFile.open(QIODevice::ReadOnly))
data/bandage-0.8.1/graph/assemblygraph.cpp:3172:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/graph/assemblygraph.cpp:3186:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/graph/assemblygraph.cpp:3202:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/graph/assemblygraph.cpp:3238:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/ogdf/basic/String.h:75:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s_pBuffer[OGDF_STRING_BUFFER_SIZE]; //!< Temporary buffer used by sprintf().
data/bandage-0.8.1/ogdf/basic/System.cpp:331:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char filename[32];
data/bandage-0.8.1/ogdf/basic/System.cpp:334:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(filename, O_RDONLY, 0);
data/bandage-0.8.1/ogdf/basic/System.cpp:337:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char sbuf[256];
data/bandage-0.8.1/ogdf/basic/basic.h:577:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline FILE *fopen(const char *filename, const char *mode)
data/bandage-0.8.1/ogdf/cluster/ClusterGraph.cpp:1700:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newLabel[124];
data/bandage-0.8.1/ogdf/fileformats/DinoTools.cpp:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempString[20];
data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:950:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vID = atoi(vIDString.cstr());
data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:1018:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vID = atoi(vIDString.cstr());
data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:1152:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vID = atoi(vIDString.cstr());
data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:1228:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vID = atoi(vIDString.cstr());
data/bandage-0.8.1/ogdf/fileformats/OgmlParser.cpp:2167:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(strId.cstr());
data/bandage-0.8.1/ogdf/internal/basic/PoolMemoryAllocator.cpp:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_fill[eBlockSize-sizeof(void*)];
data/bandage-0.8.1/ui/mainwindow.cpp:974:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/ui/mainwindow.cpp:1040:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/ui/pathspecifydialog.cpp:143:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Text);
data/bandage-0.8.1/ogdf/basic/Array.h:290:27:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if(size() == 1 && comp.equal(e, m_vpStart[low()]))
data/bandage-0.8.1/ogdf/basic/Array.h:303:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return comp.equal(e, m_vpStart[l]) ?
l : low()-1; data/bandage-0.8.1/ogdf/basic/Array.h:328:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if(comp.equal(e, m_pStart[i])) break; data/bandage-0.8.1/ogdf/basic/Graph.cpp:1174:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool result = gml.read(*this); data/bandage-0.8.1/ogdf/basic/GraphAttributes.cpp:285:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return gml.read(G,*this); data/bandage-0.8.1/ogdf/basic/GraphAttributes.cpp:601:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return xml.read(G,*this); data/bandage-0.8.1/ogdf/basic/List.h:1050:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if(comp.equal(*i,e)) return x; data/bandage-0.8.1/ogdf/basic/SList.h:602:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
if(comp.equal(*i,e)) return x; data/bandage-0.8.1/ogdf/basic/String.cpp:80:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_length = strlen(str); data/bandage-0.8.1/ogdf/basic/String.cpp:94:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). ogdf::strncpy(m_pChar, m_length+1, str, m_length); data/bandage-0.8.1/ogdf/basic/String.cpp:148:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_length = strlen(str); data/bandage-0.8.1/ogdf/basic/System.cpp:338:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sbuf[read(fd, sbuf, sizeof(sbuf) - 1)] = 0; data/bandage-0.8.1/ogdf/basic/System.h:189:10: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. return memalign(alignment,size); data/bandage-0.8.1/ogdf/basic/basic.h:561:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). inline int strncpy(char *strDest, size_t sizeOfDest, const char *strSource, size_t count) data/bandage-0.8.1/ogdf/basic/basic.h:618:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
inline int strncpy(char *strDest, size_t, const char *strSource, size_t count) data/bandage-0.8.1/ogdf/basic/basic.h:620:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). ::strncpy(strDest, strSource, count); data/bandage-0.8.1/ogdf/basic/comparer.h:89:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(const E &/*x*/, const E &/*y*/) { OGDF_THROW(NoStdComparerException); } data/bandage-0.8.1/ogdf/basic/comparer.h:101:15: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal (const type &x, const type &y) { return x == y; } \ data/bandage-0.8.1/ogdf/basic/comparer.h:115:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal (const bool &x, const bool &y) { return x == y; } data/bandage-0.8.1/ogdf/basic/comparer.h:131:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal (const CONTENTPOINTER &x, const CONTENTPOINTER &y) { return STATICCONTENTCOMPARER::equal (*x,*y); } data/bandage-0.8.1/ogdf/basic/comparer.h:131:104: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal (const CONTENTPOINTER &x, const CONTENTPOINTER &y) { return STATICCONTENTCOMPARER::equal (*x,*y); } data/bandage-0.8.1/ogdf/basic/comparer.h:179:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal(const type &x, const type &y) const { return compare(x,y) == 0; } data/bandage-0.8.1/ogdf/basic/comparer.h:223:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(const type &x, const type &y) { return compare(x,y) == 0; } data/bandage-0.8.1/ogdf/basic/comparer.h:280:15: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. virtual bool equal(const E &x, const E &y) const { data/bandage-0.8.1/ogdf/cluster/ClusterGraph.cpp:1737:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = gml.read(G); data/bandage-0.8.1/ogdf/cluster/ClusterGraphAttributes.cpp:684:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = gml.read(G,*this); data/bandage-0.8.1/ogdf/cluster/ClusterGraphAttributes.cpp:728:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return op.read(fileName, G, CG, *this); data/bandage-0.8.1/ogdf/energybased/Rectangle.h:164:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal(const Rectangle& A,const Rectangle & B) const data/bandage-0.8.1/ogdf/energybased/Rectangle.h:196:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal(const Rectangle& A,const Rectangle & B) const data/bandage-0.8.1/ogdf/energybased/Rectangle.h:228:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal(const Rectangle& A,const Rectangle & B) const data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:185:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(m_stringSymbol)+1; data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:467:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool GmlParser::read(Graph &G) data/bandage-0.8.1/ogdf/fileformats/GmlParser.cpp:554:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool GmlParser::read(Graph &G, GraphAttributes &AG) data/bandage-0.8.1/ogdf/fileformats/GmlParser.h:165:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(Graph &G); data/bandage-0.8.1/ogdf/fileformats/GmlParser.h:167:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(Graph &G, GraphAttributes &AG); data/bandage-0.8.1/ogdf/fileformats/OgmlParser.cpp:3794:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool OgmlParser::read( data/bandage-0.8.1/ogdf/fileformats/OgmlParser.cpp:3861:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool OgmlParser::read( data/bandage-0.8.1/ogdf/fileformats/OgmlParser.h:266:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read( data/bandage-0.8.1/ogdf/fileformats/OgmlParser.h:279:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool read( data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:165:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(m_keyName)+1; data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:180:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(m_stringSymbol)+1; data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:206:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(m_stringSymbol)+1; data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:534:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(pStart)+6; data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:638:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(nodeSon->m_stringValue)+1; data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:648:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(nodeSon->m_stringValue)+1; data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:682:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool XmlParser::read(Graph &G) data/bandage-0.8.1/ogdf/fileformats/XmlParser.cpp:782:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool XmlParser::read(Graph &G, GraphAttributes &AG) data/bandage-0.8.1/ogdf/fileformats/XmlParser.h:131:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(Graph &G); data/bandage-0.8.1/ogdf/fileformats/XmlParser.h:133:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(Graph &G, GraphAttributes &AG); ANALYSIS SUMMARY: Hits = 127 Lines analyzed = 73990 in approximately 1.59 seconds (46614 lines/second) Physical Source Lines of Code (SLOC) = 45206 Hits@level = [0] 5 [1] 49 [2] 33 [3] 7 [4] 38 [5] 0 Hits@level+ = [0+] 132 [1+] 127 [2+] 78 [3+] 45 [4+] 38 [5+] 0 Hits/KSLOC@level+ = [0+] 2.91997 [1+] 2.80936 [2+] 1.72543 [3+] 0.995443 [4+] 0.840596 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.