Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bolt-lmm-2.3.4+dfsg/src/StatsUtils.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/BoltParams.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/CovariateBasis.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/SnpInfo.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/SnpData.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Jackknife.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/CovariateBasis.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/SpectrumTools.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/MapInterpolater.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/PhenoBuilder.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/DataMatrix.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/RestrictSnpSet.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/NonlinearOptMulti.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/MemoryUtils.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/DataMatrix.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/RestrictSnpSet.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/BoltMain.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/SnpInfo.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/SpectrumTools.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/FileUtils.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Bolt.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/MemoryUtils.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/NumericUtils.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/MatrixUtils.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/MapInterpolater.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/StatsUtils.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/LapackConst.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Types.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Jackknife.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/StringUtils.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Timer.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/NumericUtils.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/BoltParams.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/LDscoreCalibration.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/NonlinearOptMulti.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/PhenoBuilder.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/StringUtils.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/MatrixUtils.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/LDscoreCalibration.hpp
Examining data/bolt-lmm-2.3.4+dfsg/src/Timer.cpp
Examining data/bolt-lmm-2.3.4+dfsg/src/memcpy.cpp

FINAL RESULTS:

data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:170:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(covCompVecs + b*(Nstride+Cstride), covCompVecs,
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:179:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(covComps + b*Cstride, covCompVec + Nstride, Cstride*sizeof(covComps[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:541:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(HmultCovCompVecs, xCovCompVecs, B * (Nstride+Cstride) * sizeof(HmultCovCompVecs[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:590:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(rCovCompVecs, bCovCompVecs, BxNC * sizeof(rCovCompVecs[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:595:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pCovCompVecs, rCovCompVecs, BxNC * sizeof(pCovCompVecs[0])); // p=r
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp, covCompVec1, (Nstride+Cstride)*sizeof(tmp[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:675:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(covCompVec1, covCompVec2, (Nstride+Cstride)*sizeof(tmp[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:676:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(covCompVec2, tmp, (Nstride+Cstride)*sizeof(tmp[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:1145:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(betasTrans, betaBarsTrans, M*B*sizeof(betasTrans[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:1567:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(snpNegCovCompVec + Nstride, snpCovBasisNegComps + m*Cstride,
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:1598:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(phenoPreds + b*Nstride, phenoPredNegCovCompVec, Nstride*sizeof(phenoPreds[0]));
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:1779:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(yEnvUnscaledCovCompVecs + (b*(MCtrials+1))*(Nstride+Cstride), randnEpsCovCompVecs,
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:1784:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(yGenCovCompVecs + (b*(MCtrials+1)+MCtrials)*(Nstride+Cstride), &pheno[0],
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:1954:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(testHinvPhiCovCompVec, HinvPhiCovCompVec,
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2007:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(HinvPhiCovCompVec, testHinvPhiCovCompVec,
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2322:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pValueBuf[100];
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2324:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pValueBuf, "%.1E", pValue);
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2333:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pValueBuf, "%.1fE%d", fraction, exponent);
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2741:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  physpos = atoi(buf+pos); nullTermMovePos(buf, pos, false);
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2865:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *fin = fopen(bgenFile.c_str(), "rb");
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2875:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char snpID[65536], rsID[65536], chrStr[65536];
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:3187:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *fin = fopen(bgenFile.c_str(), "rb");
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:3197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[5]; fread(magic, 1, 4, fin); magic[4] = '\0'; //cout << "magic bytes: " << string(magic) << endl;
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:3212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char snpID[65536], rsID[65536], chrStr[65536];
data/bolt-lmm-2.3.4+dfsg/src/Bolt.hpp:91:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(snpCovCompVec + Nstride, snpCovBasisNegComps + m*Cstride,
data/bolt-lmm-2.3.4+dfsg/src/BoltMain.cpp:749:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[20]; sprintf(buf, "\t%.2f", LDscoresChip[m]);
data/bolt-lmm-2.3.4+dfsg/src/BoltMain.cpp:749:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  char buf[20]; sprintf(buf, "\t%.2f", LDscoresChip[m]);
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100]; sprintf(buf, "f2=%g, p=%g", paramDataAll[b].f2, paramDataAll[b].p);
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:181:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  char buf[100]; sprintf(buf, "f2=%g, p=%g", paramDataAll[b].f2, paramDataAll[b].p);
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:199:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bestPars[100]; sprintf(bestPars, "f2=%g, p=%g", paramDataAll[bestInd].f2,
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:199:27:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  char bestPars[100]; sprintf(bestPars, "f2=%g, p=%g", paramDataAll[bestInd].f2,
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100]; sprintf(buf, "f2=%g, p=%g", paramDataAll[b].f2, paramDataAll[b].p);
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:211:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  char buf[100]; sprintf(buf, "f2=%g, p=%g", paramDataAll[b].f2, paramDataAll[b].p);
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:264:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100]; sprintf(buf, "f2=%g, p=%g", paramDataAll[b].f2, paramDataAll[b].p);
data/bolt-lmm-2.3.4+dfsg/src/BoltParEstCV.cpp:264:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  char buf[100]; sprintf(buf, "f2=%g, p=%g", paramDataAll[b].f2, paramDataAll[b].p);
data/bolt-lmm-2.3.4+dfsg/src/BoltParams.cpp:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char missingIndivFile[1000];
data/bolt-lmm-2.3.4+dfsg/src/BoltParams.cpp:70:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(missingIndivFile, "bolt.in_plink_but_not_imputed.FID_IID.%d.txt", numMissing);
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(VmultiCovCompVecs, xMultiCovCompVecs, B * DxNC * sizeof(VmultiCovCompVecs[0]));
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:600:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(rMultiCovCompVecs, bMultiCovCompVecs, BxDxNC * sizeof(rMultiCovCompVecs[0]));
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:605:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pMultiCovCompVecs, rMultiCovCompVecs, BxDxNC * sizeof(pMultiCovCompVecs[0])); // p=r
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(yRandsDataMultiCovCompVecs, yEnvGenUnscaledMultiCovCompVecs, // copy in env terms
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:762:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(phenoCovCompVecs_d, &phenos[d][0], phenos[d].size() * sizeof(phenoCovCompVecs[0]));
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:866:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dVdparsVinvyMultiCovCompVecs + curPar * DxNC + dj*(Nstride+Cstride),
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:870:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dVdparsVinvyMultiCovCompVecs + curPar * DxNC + di*(Nstride+Cstride),
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:933:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dVdparsVinvyMultiCovCompVecs + curPar * DxNC + dj*(Nstride+Cstride),
data/bolt-lmm-2.3.4+dfsg/src/BoltReml.cpp:937:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dVdparsVinvyMultiCovCompVecs + curPar * DxNC + di*(Nstride+Cstride),
data/bolt-lmm-2.3.4+dfsg/src/CovariateBasis.cpp:174:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(maskIndivs, _maskIndivs, Nstride * sizeof(maskIndivs[0]));
data/bolt-lmm-2.3.4+dfsg/src/CovariateBasis.cpp:337:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(vecAligned, vec, Nstride*sizeof(vec[0]));
data/bolt-lmm-2.3.4+dfsg/src/CovariateBasis.cpp:348:30:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  double copyVec[Nstride]; memcpy(copyVec, vec, Nstride*sizeof(vec[0]));
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:47:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  stream.open(file.c_str(), mode);
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:55:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  stream.open(file.c_str(), mode);
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:64:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fin.open(file.c_str());
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:78:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fout.open(file.c_str(), std::ios::out|std::ios::app);
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:177:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fin.open(file.c_str(), mode);
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:231:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fout.open(file.c_str(), mode);
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:260:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int chr = atoi(chrom.c_str());
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:274:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *fin = fopen(bgenFile.c_str(), "rb");
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[5]; fread(magic, 1, 4, fin); magic[4] = '\0'; //cout << "magic bytes: " << string(magic) << endl;
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char snpID[65536], rsID[65536], chrStr[65536], allele1[65536], allele0[65536];
data/bolt-lmm-2.3.4+dfsg/src/RestrictSnpSet.cpp:44:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[20];
data/bolt-lmm-2.3.4+dfsg/src/RestrictSnpSet.cpp:45:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d,%d", snp.chrom, snp.physpos);
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:54:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int chr = atoi(chrom.c_str());
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:71:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(work[byte4+k], work[byte4], sizeof(work[0]));
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:817:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out, maskIndivs, Nstride*sizeof(maskIndivs[0]));
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:819:52:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  void SnpData::writeMaskSnps(uchar out[]) const { memcpy(out, maskSnps, M*sizeof(maskSnps[0])); }
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:909:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out + n4, work[*ptr], sizeof(work[0]));
data/bolt-lmm-2.3.4+dfsg/src/memcpy.cpp:26:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  return memcpy(dest, src, n);
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2404:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  finBed.read((char *) genoLine, 3); // header
data/bolt-lmm-2.3.4+dfsg/src/Bolt.cpp:2695:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  finImpute2.read(buf+bufUsed, BUF_SIZE-bufUsed);
data/bolt-lmm-2.3.4+dfsg/src/BoltMain.cpp:83:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[i]) >= 2 && argv[i][0] == '-' && argv[i][1] == '-')
data/bolt-lmm-2.3.4+dfsg/src/BoltMain.cpp:86:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int j = 0; j < (int) strlen(argv[i]); j++)
data/bolt-lmm-2.3.4+dfsg/src/BoltMain.cpp:92:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int j = 0; j < (int) strlen(argv[i]); j++) {
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:196:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  AutoGzIfstream& AutoGzIfstream::read(char *s, std::streamsize n) {
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.cpp:197:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  boost_in.read(s, n);
data/bolt-lmm-2.3.4+dfsg/src/FileUtils.hpp:69:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  AutoGzIfstream& read(char *s, std::streamsize n);
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:534:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  fin.read((char *) bedLineIn, (Nbed+3)>>2);
data/bolt-lmm-2.3.4+dfsg/src/SnpData.cpp:663:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  fin.read((char *) header, 3);

ANALYSIS SUMMARY:

Hits = 77
Lines analyzed = 12306 in approximately 0.46 seconds (26759 lines/second)
Physical Source Lines of Code (SLOC) = 8710
Hits@level = [0] 125 [1]  10 [2]  67 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 202 [1+]  77 [2+]  67 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 23.1917 [1+] 8.84041 [2+] 7.69231 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.