Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bio-rainbow-2.0.4+dfsg/aln_cigar.h
Examining data/bio-rainbow-2.0.4+dfsg/asm_R2.h
Examining data/bio-rainbow-2.0.4+dfsg/bitvec.h
Examining data/bio-rainbow-2.0.4+dfsg/bloom_filter.h
Examining data/bio-rainbow-2.0.4+dfsg/cluster.c
Examining data/bio-rainbow-2.0.4+dfsg/divide.c
Examining data/bio-rainbow-2.0.4+dfsg/dna.h
Examining data/bio-rainbow-2.0.4+dfsg/ezmsim.c
Examining data/bio-rainbow-2.0.4+dfsg/file_reader.c
Examining data/bio-rainbow-2.0.4+dfsg/file_reader.h
Examining data/bio-rainbow-2.0.4+dfsg/hashset.h
Examining data/bio-rainbow-2.0.4+dfsg/heap.h
Examining data/bio-rainbow-2.0.4+dfsg/list.h
Examining data/bio-rainbow-2.0.4+dfsg/main.c
Examining data/bio-rainbow-2.0.4+dfsg/mergecontig.c
Examining data/bio-rainbow-2.0.4+dfsg/mergecontig.h
Examining data/bio-rainbow-2.0.4+dfsg/mergectg.c
Examining data/bio-rainbow-2.0.4+dfsg/mergectg.h
Examining data/bio-rainbow-2.0.4+dfsg/mergetag.c
Examining data/bio-rainbow-2.0.4+dfsg/rainbow.h
Examining data/bio-rainbow-2.0.4+dfsg/rbasm_main.c
Examining data/bio-rainbow-2.0.4+dfsg/simp_asm.h
Examining data/bio-rainbow-2.0.4+dfsg/sort.h
Examining data/bio-rainbow-2.0.4+dfsg/stdaln.c
Examining data/bio-rainbow-2.0.4+dfsg/stdaln.h
Examining data/bio-rainbow-2.0.4+dfsg/string.h
Examining data/bio-rainbow-2.0.4+dfsg/vector.h
Examining data/bio-rainbow-2.0.4+dfsg/asm_R2.c
FINAL RESULTS:
data/bio-rainbow-2.0.4+dfsg/file_reader.c:38:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "gzip -dc %s", filenames[i]);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:40:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fc->file = popen(cmd, "r");
data/bio-rainbow-2.0.4+dfsg/file_reader.c:44:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fc->filename, filenames[i]);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:73:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, prefix);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:74:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, postfix);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:208:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, filename);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:209:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, suffix);
data/bio-rainbow-2.0.4+dfsg/string.h:91:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, s);
data/bio-rainbow-2.0.4+dfsg/dna.h:150:18: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(c == 4) c = lrand48() & 0x03;
data/bio-rainbow-2.0.4+dfsg/dna.h:159:18: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(c == 4) c = lrand48();
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:179:15: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v1 = 2.0 * drand48() - 1.0;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:180:15: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v2 = 2.0 * drand48() - 1.0;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:206:17: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (drand48() < INDEL_EXTEND) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:212:16: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (c < 4 && drand48() < MUT_RATE) { // mutation
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:213:8: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (drand48() >= INDEL_FRAC) { // substitution
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:214:16: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double r = drand48();
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:216:19: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (is_hap || drand48() < HOM_RATE) { // hom
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:219:10: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ret[drand48()<0.5?0:1]->s[i] = SUBSTITUTE|c;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:222:9: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (drand48() < 0.5) { // deletion
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:223:20: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (is_hap || drand48() < HOM_RATE) { // hom-del
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:227:36: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
deleting = drand48()<0.5?1:2;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:234:50: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ins = (ins << 2) | (int)(drand48() * 4.0);
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:235:44: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
} while(num_ins < 4 && drand48() < INDEL_EXTEND);
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:237:20: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (is_hap || drand48() < HOM_RATE) { // hom-ins
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:240:11: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ret[drand48()<0.5?0:1]->s[i] = (num_ins << 12) | (ins << 4) | c;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:311:11: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
p = p * drand48();
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:356:9: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (drand48() < 0.5) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:368:15: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (drand48() < ERR_RATE) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:369:22: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
c = (c + (int)(drand48()*3.0 + 1)) & 3;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:377:15: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (drand48() < ERR_RATE) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:378:22: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
c = (c + (int)(drand48()*3.0 + 1)) & 3;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:434:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "e:D:1:2:d:s:z:p:")) != -1) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:522:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
d = dist + (int)(drand48()*overlap);
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:534:20: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
target = rseq[drand48()<0.5?0:1].s;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:575:16: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (drand48() < ERR_RATE) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:576:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
c = (c + (int)(drand48()*3.0+1)) & 3;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:585:16: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (drand48() < ERR_RATE) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:586:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
c = (c + (int)(drand48()*3.0 + 1)) & 3;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:701:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "e:D:1:2:d:s:z:p:o:t:R:rh:Hm:")) != -1) {
data/bio-rainbow-2.0.4+dfsg/main.c:85:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "h1:2:m:e:l:L")) != -1){
data/bio-rainbow-2.0.4+dfsg/main.c:155:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "hi:o:k:K:f:")) != -1){
data/bio-rainbow-2.0.4+dfsg/main.c:200:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hi:l:p:k:o:s:N:f:r:R:a")) != -1) {
data/bio-rainbow-2.0.4+dfsg/mergetag.c:149:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "hi:o:j:m:")) != -1){
data/bio-rainbow-2.0.4+dfsg/rbasm_main.c:16:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "hi:o:r:R:l:s:")) != -1){
data/bio-rainbow-2.0.4+dfsg/aln_cigar.h:36:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char aln_cigar_string[8] = "?IDM?SHN";
data/bio-rainbow-2.0.4+dfsg/asm_R2.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rd->seq, seq, rd_len);
data/bio-rainbow-2.0.4+dfsg/asm_R2.c:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ef->eseq, eseq, rd_len);
data/bio-rainbow-2.0.4+dfsg/asm_R2.c:360:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
eid = atoi(get_col_str(in, 1));
data/bio-rainbow-2.0.4+dfsg/asm_R2.c:379:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqid = atol(get_col_str(in, 0));
data/bio-rainbow-2.0.4+dfsg/asm_R2.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAX_RD_LEN+1];
data/bio-rainbow-2.0.4+dfsg/asm_R2.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eseq[MAX_RD_LEN];
data/bio-rainbow-2.0.4+dfsg/cluster.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq1[256], seq2[256];
data/bio-rainbow-2.0.4+dfsg/divide.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char route[257];
data/bio-rainbow-2.0.4+dfsg/dna.h:72:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char bit_base_table[6] = "ACGTN-";
data/bio-rainbow-2.0.4+dfsg/dna.h:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char bit4_base_table[16] = "-ACMGRSVTWYHKDBN";
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:110:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, mode)) == 0) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], *qstr;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:438:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '1': size_l = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:439:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '2': size_r = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:441:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': pos = atoi(optarg);
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], *qstr;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:705:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '1': size_l = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:706:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '2': size_r = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:708:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': pos = atoi(optarg);
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:710:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'd': dist = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:712:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'o': overlap = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:713:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 't': step = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/file_reader.c:42:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if((fc->file = fopen(filenames[i], "r")) != NULL){
data/bio-rainbow-2.0.4+dfsg/file_reader.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filenames[1];
data/bio-rainbow-2.0.4+dfsg/file_reader.h:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name, name, strlen(name));
data/bio-rainbow-2.0.4+dfsg/file_reader.h:143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:145:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(full_name, "r");
data/bio-rainbow-2.0.4+dfsg/file_reader.h:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name, name, strlen(name));
data/bio-rainbow-2.0.4+dfsg/file_reader.h:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:160:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(full_name, "w+");
data/bio-rainbow-2.0.4+dfsg/file_reader.h:172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name, name, strlen(name));
data/bio-rainbow-2.0.4+dfsg/file_reader.h:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:175:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(full_name, "a+");
data/bio-rainbow-2.0.4+dfsg/file_reader.h:198:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(filename, "r+")) == NULL){
data/bio-rainbow-2.0.4+dfsg/file_reader.h:210:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(name, "r+")) == NULL){
data/bio-rainbow-2.0.4+dfsg/list.h:154:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list1->buffer + list1->size, list2->buffer, sizeof(e_type) * list2->size); \
data/bio-rainbow-2.0.4+dfsg/main.c:91:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': fix_rd_len = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:92:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': max_mm = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:93:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'e': exact_limit = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:160:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': k_allele = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:161:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'K': K_allele = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:173:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((out = fopen(outfile, "w")) == NULL){
data/bio-rainbow-2.0.4+dfsg/main.c:205:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': min_overlap = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:207:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': min_kmer = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:210:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': kmersize = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:211:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'N': max_cluster = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:213:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'r': min_read = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:214:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'R': max_read = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/main.c:225:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(outfile, "w")) == NULL) {
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:26:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key = atoi(get_col_str(fr2, 1));
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:27:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(get_col_str(fr2, 4));
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:57:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(line->string+2);
data/bio-rainbow-2.0.4+dfsg/mergecontig.h:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char aln_nt16_table[256] = {
data/bio-rainbow-2.0.4+dfsg/mergectg.c:53:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cid = atoi(get_col_str(in, 4));
data/bio-rainbow-2.0.4+dfsg/mergectg.c:58:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
eid = atoi(get_col_str(in, 1));
data/bio-rainbow-2.0.4+dfsg/mergectg.c:74:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->seq_id = atol(get_col_str(in, 0));
data/bio-rainbow-2.0.4+dfsg/mergectg.c:83:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->seq_id = atol(get_col_str(in, 0));
data/bio-rainbow-2.0.4+dfsg/mergectg.c:587:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cid = atoi(get_col_str(in, 4));
data/bio-rainbow-2.0.4+dfsg/mergectg.h:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAX_RD_LEN+1];
data/bio-rainbow-2.0.4+dfsg/mergetag.c:154:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': max_mm = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/mergetag.c:164:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if((out = fopen(ouf, "w")) == NULL){
data/bio-rainbow-2.0.4+dfsg/rbasm_main.c:20:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': min_ol = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/rbasm_main.c:22:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'r': min_read = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/rbasm_main.c:23:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'R': max_read = atoi(optarg); break;
data/bio-rainbow-2.0.4+dfsg/rbasm_main.c:33:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if((out = fopen(outfile, "w")) == NULL){
data/bio-rainbow-2.0.4+dfsg/stdaln.c:29:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt16_table[256] = {
data/bio-rainbow-2.0.4+dfsg/stdaln.c:50:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt4_table[256] = {
data/bio-rainbow-2.0.4+dfsg/stdaln.c:71:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_aa_table[256] = {
data/bio-rainbow-2.0.4+dfsg/stdaln.c:93:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_trans_table_eu[66] = {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:67:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && fgetc(fp) != '>');
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:70:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != ' ' && c != '\t' && c != '\n')
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:76:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && ((c = fgetc(fp)) == ' ' || c == '\t'));
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:79:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != '\n')
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:84:44: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (c != '\n') while (!feof(fp) && fgetc(fp) != '\n');
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:86:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != '>') {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:451:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cut)==0) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:464:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen(cut)/2;
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:726:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cut)==0) {
data/bio-rainbow-2.0.4+dfsg/ezmsim.c:739:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen(cut)/2;
data/bio-rainbow-2.0.4+dfsg/file_reader.c:36:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(strlen(filenames[i]) > 3 && strcmp(filenames[i] + strlen(filenames[i]) - 3, ".gz") == 0){
data/bio-rainbow-2.0.4+dfsg/file_reader.c:36:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(strlen(filenames[i]) > 3 && strcmp(filenames[i] + strlen(filenames[i]) - 3, ".gz") == 0){
data/bio-rainbow-2.0.4+dfsg/file_reader.c:37:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char*)malloc(strlen(filenames[i]) + 20);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:39:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fc->filename = (char*)malloc(sizeof(char)* (strlen(filenames[i])+1));
data/bio-rainbow-2.0.4+dfsg/file_reader.c:43:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fc->filename = (char*)malloc(sizeof(char)* (strlen(filenames[i])+1));
data/bio-rainbow-2.0.4+dfsg/file_reader.c:71:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = alloca(strlen(prefix) + strlen(postfix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:71:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = alloca(strlen(prefix) + strlen(postfix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:88:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fr->size = strlen(string);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:105:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(fc->filename && strlen(fc->filename) > 3 && strcmp(fc->filename + strlen(fc->filename) - 3, ".gz") == 0) pclose(fc->file);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:105:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(fc->filename && strlen(fc->filename) > 3 && strcmp(fc->filename + strlen(fc->filename) - 3, ".gz") == 0) pclose(fc->file);
data/bio-rainbow-2.0.4+dfsg/file_reader.c:125:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/bio-rainbow-2.0.4+dfsg/file_reader.c:191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expr);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:141:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_name = (char*)alloca(strlen(name) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:141:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_name = (char*)alloca(strlen(name) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:142:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name, name, strlen(name));
data/bio-rainbow-2.0.4+dfsg/file_reader.h:143:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:143:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:156:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_name = (char*)alloca(strlen(name) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:156:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_name = (char*)alloca(strlen(name) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:157:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name, name, strlen(name));
data/bio-rainbow-2.0.4+dfsg/file_reader.h:158:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:158:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:171:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_name = (char*)alloca(strlen(name) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:171:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_name = (char*)alloca(strlen(name) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:172:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name, name, strlen(name));
data/bio-rainbow-2.0.4+dfsg/file_reader.h:173:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:173:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(full_name + strlen(name), suffix, strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:207:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = alloca(strlen(filename) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/file_reader.h:207:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = alloca(strlen(filename) + strlen(suffix) + 1);
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:59:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < (int)strlen(line->string+2)) {
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:60:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(line->string+2);
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:167:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aln_len = strlen(aa->out1);
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:243:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqlen = strlen(c0->seq);
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:283:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqlen = strlen(c0->seq);
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:405:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aln_len = strlen(aa->out1);
data/bio-rainbow-2.0.4+dfsg/mergecontig.c:454:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aln_len = strlen(aa->out1);
data/bio-rainbow-2.0.4+dfsg/mergecontig.h:89:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(s1);
data/bio-rainbow-2.0.4+dfsg/mergecontig.h:90:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(s2);
data/bio-rainbow-2.0.4+dfsg/mergectg.c:69:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
append_string(ctg->path, path, strlen(path));
data/bio-rainbow-2.0.4+dfsg/mergectg.c:263:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n1 = strlen(c1->path->string);
data/bio-rainbow-2.0.4+dfsg/mergectg.c:264:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n2 = strlen(c2->path->string);
data/bio-rainbow-2.0.4+dfsg/mergectg.c:413:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bio-rainbow-2.0.4+dfsg/stdaln.c:731:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len1 < 0) len1 = strlen(seq1);
data/bio-rainbow-2.0.4+dfsg/stdaln.c:732:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len2 < 0) len2 = strlen(seq2);
data/bio-rainbow-2.0.4+dfsg/string.h:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(string);
data/bio-rainbow-2.0.4+dfsg/string.h:88:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(s);
data/bio-rainbow-2.0.4+dfsg/string.h:133:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(chs);
ANALYSIS SUMMARY:
Hits = 171
Lines analyzed = 8583 in approximately 0.32 seconds (27086 lines/second)
Physical Source Lines of Code (SLOC) = 7111
Hits@level = [0] 154 [1] 57 [2] 70 [3] 36 [4] 8 [5] 0
Hits@level+ = [0+] 325 [1+] 171 [2+] 114 [3+] 44 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 45.7038 [1+] 24.0473 [2+] 16.0315 [3+] 6.1876 [4+] 1.12502 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.