Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bustools-0.40.0/src/BUSData.cpp
Examining data/bustools-0.40.0/src/BUSData.h
Examining data/bustools-0.40.0/src/Common.cpp
Examining data/bustools-0.40.0/src/Common.hpp
Examining data/bustools-0.40.0/src/bustools_capture.cpp
Examining data/bustools-0.40.0/src/bustools_capture.h
Examining data/bustools-0.40.0/src/bustools_correct.cpp
Examining data/bustools-0.40.0/src/bustools_correct.h
Examining data/bustools-0.40.0/src/bustools_count.cpp
Examining data/bustools-0.40.0/src/bustools_count.h
Examining data/bustools-0.40.0/src/bustools_extract.cpp
Examining data/bustools-0.40.0/src/bustools_extract.h
Examining data/bustools-0.40.0/src/bustools_inspect.cpp
Examining data/bustools-0.40.0/src/bustools_inspect.h
Examining data/bustools-0.40.0/src/bustools_linker.cpp
Examining data/bustools-0.40.0/src/bustools_linker.h
Examining data/bustools-0.40.0/src/bustools_main.cpp
Examining data/bustools-0.40.0/src/bustools_merge.cpp
Examining data/bustools-0.40.0/src/bustools_merge.h
Examining data/bustools-0.40.0/src/bustools_project.cpp
Examining data/bustools-0.40.0/src/bustools_project.h
Examining data/bustools-0.40.0/src/bustools_sort.cpp
Examining data/bustools-0.40.0/src/bustools_sort.h
Examining data/bustools-0.40.0/src/bustools_whitelist.cpp
Examining data/bustools-0.40.0/src/bustools_whitelist.h
Examining data/bustools-0.40.0/src/kseq.h
Examining data/bustools-0.40.0/src/roaring.c
Examining data/bustools-0.40.0/src/roaring.h
Examining data/bustools-0.40.0/test/matrix.ec

FINAL RESULTS:

data/bustools-0.40.0/src/roaring.h:51:82: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  #error This code assumes 64-bit long longs (by use of the GCC intrinsics). Your system is not currently supported.
data/bustools-0.40.0/src/bustools_main.cpp:103:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:178:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:212:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:277:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:326:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:363:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:406:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:447:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:505:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:547:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/bustools_main.cpp:589:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, opt_string, long_options, &option_index)) != -1) {
data/bustools-0.40.0/src/BUSData.cpp:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bustools-0.40.0/src/BUSData.cpp:131:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outf.open(filename.c_str(), std::ios::out);
data/bustools-0.40.0/src/BUSData.cpp:160:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outf.open(filename.c_str(), std::ios::out);
data/bustools-0.40.0/src/Common.hpp:71:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char alpha[4] = {'A','C','G','T'};
data/bustools-0.40.0/src/bustools_capture.cpp:55:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(output);
data/bustools-0.40.0/src/bustools_capture.cpp:73:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_correct.cpp:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bustools-0.40.0/src/bustools_correct.cpp:92:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  busf_out.open(opt.output , std::ios::out | std::ios::binary);
data/bustools-0.40.0/src/bustools_correct.cpp:107:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_count.cpp:43:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(mtx_ofn);
data/bustools-0.40.0/src/bustools_count.cpp:292:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_count.cpp:356:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(mtx_ofn, std::ios::binary | std::ios::in | std::ios::out);
data/bustools-0.40.0/src/bustools_count.cpp:373:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bcof.open(barcodes_ofn);
data/bustools-0.40.0/src/bustools_extract.cpp:49:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(opt.files[0].c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_extract.cpp:104:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, seq[i]->name.s, seq[i]->name.l);
data/bustools-0.40.0/src/bustools_extract.cpp:107:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, seq[i]->comment.s, seq[i]->comment.l);
data/bustools-0.40.0/src/bustools_extract.cpp:112:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, seq[i]->seq.s, seq[i]->seq.l);
data/bustools-0.40.0/src/bustools_extract.cpp:118:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, seq[i]->name.s, seq[i]->name.l);
data/bustools-0.40.0/src/bustools_extract.cpp:121:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, seq[i]->comment.s, seq[i]->comment.l);
data/bustools-0.40.0/src/bustools_extract.cpp:126:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, seq[i]->qual.s, seq[i]->qual.l);
data/bustools-0.40.0/src/bustools_inspect.cpp:72:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(opt.files[0].c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_linker.cpp:16:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output);
data/bustools-0.40.0/src/bustools_linker.cpp:38:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn->c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_main.cpp:110:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt.threads = atoi(optarg);
data/bustools-0.40.0/src/bustools_main.cpp:137:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt.max_memory = atoi(s.substr(0,n).c_str());
data/bustools-0.40.0/src/bustools_main.cpp:412:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt.threshold = atoi(optarg);
data/bustools-0.40.0/src/bustools_main.cpp:687:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *tmpf = fopen(opt.temp_files.c_str(), "a+");
data/bustools-0.40.0/src/bustools_main.cpp:1484:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output);
data/bustools-0.40.0/src/bustools_main.cpp:1492:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bustools-0.40.0/src/bustools_main.cpp:1498:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_merge.cpp:34:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bf[i].open((opt.files[i] + "/output.bus").c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_project.cpp:18:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bustools-0.40.0/src/bustools_project.cpp:37:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  busf_out.open(opt.output , std::ios::out | std::ios::binary);
data/bustools-0.40.0/src/bustools_project.cpp:54:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_project.cpp:111:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  busf_out.open(opt.output , std::ios::out | std::ios::binary);
data/bustools-0.40.0/src/bustools_project.cpp:128:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_project.cpp:223:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output_folder + "/matrix.ec");
data/bustools-0.40.0/src/bustools_project.cpp:242:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output_folder + "/genes.txt");
data/bustools-0.40.0/src/bustools_project.cpp:253:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output);
data/bustools-0.40.0/src/bustools_project.cpp:263:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(opt.files[0].c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_sort.cpp:155:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bustools-0.40.0/src/bustools_sort.cpp:191:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_sort.cpp:253:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output, std::ios::out | std::ios::binary);
data/bustools-0.40.0/src/bustools_sort.cpp:289:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bf[i].open((opt.temp_files + std::to_string(i)).c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_sort.cpp:357:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bustools-0.40.0/src/bustools_sort.cpp:363:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(infn.c_str(), std::ios::binary);
data/bustools-0.40.0/src/bustools_sort.cpp:406:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of.open(opt.output, std::ios::out | std::ios::binary);
data/bustools-0.40.0/src/bustools_whitelist.cpp:24:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf.open(opt.files[0].c_str(), std::ios::binary);
data/bustools-0.40.0/src/kseq.h:129:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(str->s + str->l, ks->buf + ks->begin, i - ks->begin); \
data/bustools-0.40.0/src/roaring.c:528:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (A != C) memcpy(C, A, sizeof(uint16_t) * s_a);
data/bustools-0.40.0/src/roaring.c:611:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, B + i_b, (s_b - i_b) * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:1080:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (a1 != a_out) memcpy(a_out, a1, sizeof(uint16_t) * length1);
data/bustools-0.40.0/src/roaring.c:1140:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + pos_out, array_1 + pos1, n_elems * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:1144:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + pos_out, array_2 + pos2, n_elems * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:1630:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + leftoversize, array1 + 8 * pos1,
data/bustools-0.40.0/src/roaring.c:1639:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + leftoversize, array2 + 8 * pos2,
data/bustools-0.40.0/src/roaring.c:1763:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + leftoversize, array1 + 8 * pos1,
data/bustools-0.40.0/src/roaring.c:1767:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, array2 + 8 * pos2,
data/bustools-0.40.0/src/roaring.c:1777:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + leftoversize, array2 + 8 * pos2,
data/bustools-0.40.0/src/roaring.c:1781:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, array1 + 8 * pos1,
data/bustools-0.40.0/src/roaring.c:2558:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, &val,
data/bustools-0.40.0/src/roaring.c:2579:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + outpos, &val,
data/bustools-0.40.0/src/roaring.c:2964:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newcontainer->array, src->array,
data/bustools-0.40.0/src/roaring.c:3043:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->array, src->array, cardinality * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:3229:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + outpos, &val,
data/bustools-0.40.0/src/roaring.c:3276:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &cardinality, off = sizeof(cardinality));
data/bustools-0.40.0/src/roaring.c:3278:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (l) memcpy(&buf[off], container->array, l);
data/bustools-0.40.0/src/roaring.c:3290:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, container->array, container->cardinality * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:3323:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(container->array, buf, container->cardinality * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:3363:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (len) memcpy(ptr->array, &buf[off], len);
data/bustools-0.40.0/src/roaring.c:3457:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->array, source->array,
data/bustools-0.40.0/src/roaring.c:3514:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bitset->array, src->array,
data/bustools-0.40.0/src/roaring.c:3907:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, container->array, l);
data/bustools-0.40.0/src/roaring.c:3915:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, container->array, BITSET_CONTAINER_SIZE_IN_WORDS * sizeof(uint64_t));
data/bustools-0.40.0/src/roaring.c:3923:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(container->array, buf, BITSET_CONTAINER_SIZE_IN_WORDS * sizeof(uint64_t));
data/bustools-0.40.0/src/roaring.c:3939:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, buf, sizeof(bitset_container_t));
data/bustools-0.40.0/src/roaring.c:3946:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr->array, buf, l);
data/bustools-0.40.0/src/roaring.c:5013:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(answer->runs + answer->n_runs, src_1->runs + rlepos,
data/bustools-0.40.0/src/roaring.c:5734:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(arr->array, src->array, start_index * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:5750:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(arr->array + out_pos, src->array + (last_index + 1),
data/bustools-0.40.0/src/roaring.c:6807:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(run->runs, src->runs, src->n_runs * sizeof(rle16_t));
data/bustools-0.40.0/src/roaring.c:6856:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->runs, src->runs, sizeof(rle16_t) * n_runs);
data/bustools-0.40.0/src/roaring.c:7262:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->runs + dst->n_runs, src_1->runs + rlepos1,
data/bustools-0.40.0/src/roaring.c:7278:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + outpos, &val,
data/bustools-0.40.0/src/roaring.c:7320:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &container->n_runs, off = sizeof(container->n_runs));
data/bustools-0.40.0/src/roaring.c:7321:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[off], &container->capacity, sizeof(container->capacity));
data/bustools-0.40.0/src/roaring.c:7325:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[off], container->runs, l);
data/bustools-0.40.0/src/roaring.c:7330:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &container->n_runs, sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:7331:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + sizeof(uint16_t), container->runs,
data/bustools-0.40.0/src/roaring.c:7339:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&container->n_runs, buf, sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:7343:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(container->runs, buf + sizeof(uint16_t),
data/bustools-0.40.0/src/roaring.c:7366:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ptr->n_runs, buf, off = 4);
data/bustools-0.40.0/src/roaring.c:7367:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ptr->capacity, &buf[off], 4);
data/bustools-0.40.0/src/roaring.c:7382:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr->runs, &buf[off], len);
data/bustools-0.40.0/src/roaring.c:8865:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 1, &cardinality, sizeof(uint32_t));
data/bustools-0.40.0/src/roaring.c:8921:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&card, bufaschar + 1, sizeof(uint32_t));
data/bustools-0.40.0/src/roaring.c:9121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newit, it, sizeof(roaring_uint32_iterator_t));
data/bustools-0.40.0/src/roaring.c:10321:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bitset_zone, bitset->array,
data/bustools-0.40.0/src/roaring.c:10335:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(run_zone, run->runs, num_bytes);
data/bustools-0.40.0/src/roaring.c:10344:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(array_zone, array->array, num_bytes);
data/bustools-0.40.0/src/roaring.c:10352:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&count_zone[i], &count, 2);
data/bustools-0.40.0/src/roaring.c:10354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key_zone, ra->keys, ra->size * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:10355:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(typecode_zone, ra->typecodes, ra->size * sizeof(uint8_t));
data/bustools-0.40.0/src/roaring.c:10357:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_zone, &header, 4);
data/bustools-0.40.0/src/roaring.c:10371:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&header, buf + length - 4, 4); // header may be misaligned
data/bustools-0.40.0/src/roaring.c:10538:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newcontainers, ra->containers, sizeof(void *) * ra->size);
data/bustools-0.40.0/src/roaring.c:10539:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newkeys, ra->keys, sizeof(uint16_t) * ra->size);
data/bustools-0.40.0/src/roaring.c:10540:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newtypecodes, ra->typecodes, sizeof(uint8_t) * ra->size);
data/bustools-0.40.0/src/roaring.c:10596:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->keys, source->keys, dest->size * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:10606:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->containers, source->containers,
data/bustools-0.40.0/src/roaring.c:10608:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->typecodes, source->typecodes,
data/bustools-0.40.0/src/roaring.c:10613:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->typecodes, source->typecodes,
data/bustools-0.40.0/src/roaring.c:10640:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->keys, source->keys, dest->size * sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:10648:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->containers, source->containers,
data/bustools-0.40.0/src/roaring.c:10650:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->typecodes, source->typecodes,
data/bustools-0.40.0/src/roaring.c:10653:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->typecodes, source->typecodes,
data/bustools-0.40.0/src/roaring.c:11016:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(append_ans, t_ans, dtr * sizeof(uint32_t));
data/bustools-0.40.0/src/roaring.c:11043:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ans, t_ans+first_skip, limit * sizeof(uint32_t));
data/bustools-0.40.0/src/roaring.c:11086:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &cookie, sizeof(cookie));
data/bustools-0.40.0/src/roaring.c:11097:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, bitmapOfRunContainers, s);
data/bustools-0.40.0/src/roaring.c:11108:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &cookie, sizeof(cookie));
data/bustools-0.40.0/src/roaring.c:11110:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &ra->size, sizeof(ra->size));
data/bustools-0.40.0/src/roaring.c:11116:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &ra->keys[k], sizeof(ra->keys[k]));
data/bustools-0.40.0/src/roaring.c:11122:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &card, sizeof(card));
data/bustools-0.40.0/src/roaring.c:11128:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &startOffset, sizeof(startOffset));
data/bustools-0.40.0/src/roaring.c:11152:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cookie, buf, sizeof(int32_t));
data/bustools-0.40.0/src/roaring.c:11165:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&size, buf, sizeof(int32_t));
data/bustools-0.40.0/src/roaring.c:11212:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&n_runs, buf, sizeof(uint16_t));
data/bustools-0.40.0/src/roaring.c:11239:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cookie, buf, sizeof(int32_t));
data/bustools-0.40.0/src/roaring.c:11257:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&size, buf, sizeof(int32_t));
data/bustools-0.40.0/src/roaring.c:11350:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&n_runs, buf, sizeof(uint16_t));
data/bustools-0.40.0/src/BUSData.cpp:77:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inf.read((char*)(&magic[0]), 4);
data/bustools-0.40.0/src/BUSData.cpp:81:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inf.read((char*)(&header.version), sizeof(header.version));
data/bustools-0.40.0/src/BUSData.cpp:85:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inf.read((char*)(&header.bclen), sizeof(header.bclen));
data/bustools-0.40.0/src/BUSData.cpp:86:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inf.read((char*)(&header.umilen), sizeof(header.umilen));
data/bustools-0.40.0/src/BUSData.cpp:88:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inf.read((char*)(&tlen), sizeof(tlen));
data/bustools-0.40.0/src/BUSData.cpp:90:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inf.read(t, tlen);
data/bustools-0.40.0/src/bustools_capture.cpp:87:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_correct.cpp:136:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_count.cpp:304:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_extract.cpp:68:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char *) p, N * sizeof(BUSData));
data/bustools-0.40.0/src/bustools_inspect.cpp:119:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*) p, N * sizeof(BUSData));
data/bustools-0.40.0/src/bustools_inspect.cpp:188:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*) p, N * sizeof(BUSData));
data/bustools-0.40.0/src/bustools_linker.cpp:79:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*) p, N * sizeof(BUSData));
data/bustools-0.40.0/src/bustools_main.cpp:1511:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_merge.cpp:127:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bf[i].read((char *) &t, sizeof(t));
data/bustools-0.40.0/src/bustools_merge.cpp:182:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bf[i].read((char *) &t, sizeof(t));
data/bustools-0.40.0/src/bustools_project.cpp:71:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_project.cpp:145:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_project.cpp:290:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*) p, N * sizeof(BUSData));
data/bustools-0.40.0/src/bustools_sort.cpp:206:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_sort.cpp:272:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, M*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_sort.cpp:297:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bf[i].read((char*) &t, sizeof(t));
data/bustools-0.40.0/src/bustools_sort.cpp:324:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bf[i].read((char*) &t, sizeof(t));
data/bustools-0.40.0/src/bustools_sort.cpp:374:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)p, N*sizeof(BUSData));
data/bustools-0.40.0/src/bustools_whitelist.cpp:50:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*) p, N * sizeof(BUSData));
data/bustools-0.40.0/src/bustools_whitelist.cpp:127:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*) p, N * sizeof(BUSData));

ANALYSIS SUMMARY:

Hits = 169
Lines analyzed = 24189 in approximately 0.64 seconds (37632 lines/second)
Physical Source Lines of Code (SLOC) = 18450
Hits@level = [0] 60 [1] 26 [2] 131 [3] 11 [4] 1 [5] 0
Hits@level+ = [0+] 229 [1+] 169 [2+] 143 [3+] 12 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 12.4119 [1+] 9.15989 [2+] 7.75068 [3+] 0.650407 [4+] 0.0542005 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.