Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minMap.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx
Examining data/cd-hit-4.8.1/cdhit-2d.c++
Examining data/cd-hit-4.8.1/cdhit-454.c++
Examining data/cd-hit-4.8.1/cdhit-common.c++
Examining data/cd-hit-4.8.1/cdhit-common.h
Examining data/cd-hit-4.8.1/cdhit-div.c++
Examining data/cd-hit-4.8.1/cdhit-est-2d.c++
Examining data/cd-hit-4.8.1/cdhit-est.c++
Examining data/cd-hit-4.8.1/cdhit-utility.c++
Examining data/cd-hit-4.8.1/cdhit-utility.h
Examining data/cd-hit-4.8.1/cdhit.c++

FINAL RESULTS:

data/cd-hit-4.8.1/cdhit-common.c++:118:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat( buf, dir );
data/cd-hit-4.8.1/cdhit-common.c++:322:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( date, __DATE__ );
data/cd-hit-4.8.1/cdhit-common.c++:413:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				printf( message, NAA, i );
data/cd-hit-4.8.1/cdhit-common.c++:418:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		if      ( cluster_thd > 0.9  && NAA < 8 ) printf( message, NAA, 8 );
data/cd-hit-4.8.1/cdhit-common.c++:419:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		else if ( cluster_thd > 0.87 && NAA < 5 ) printf( message, NAA, 5 );
data/cd-hit-4.8.1/cdhit-common.c++:420:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		else if ( cluster_thd > 0.80 && NAA < 4 ) printf( message, NAA, 4 );
data/cd-hit-4.8.1/cdhit-common.c++:421:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		else if ( cluster_thd > 0.75 && NAA < 3 ) printf( message, NAA, 3 );
data/cd-hit-4.8.1/cdhit-common.c++:423:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		if      ( cluster_thd > 0.85 && NAA < 5 ) printf( message, NAA, 5 );
data/cd-hit-4.8.1/cdhit-common.c++:424:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		else if ( cluster_thd > 0.80 && NAA < 4 ) printf( message, NAA, 4 );
data/cd-hit-4.8.1/cdhit-common.c++:425:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		else if ( cluster_thd > 0.75 && NAA < 3 ) printf( message, NAA, 3 );
data/cd-hit-4.8.1/cdhit-common.c++:1569:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( data, s );
data/cd-hit-4.8.1/cdhit-common.c++:2314:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( outfile, "%s-%i", newdb, 0 );
data/cd-hit-4.8.1/cdhit-common.c++:2324:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf( outfile, "%s-%i", newdb, seg );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:362:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		srand( seed );
data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[ BUFSIZE+1 ];
data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[ BUFSIZE+1 ];
data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx:131:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fin = fopen( file.Data(), "r" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:83:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout1 = fopen( name.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:84:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout2 = fopen( cfile.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:85:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout3 = fopen( cfile2.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdes[200];
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:101:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( cdes, " chimeric_parent1=%i,chimeric_parent2=%i", head, tail );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:117:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout2 = fopen( cfile.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:118:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout3 = fopen( cfile2.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdes[200];
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:134:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( cdes, " chimeric_parent1=%i,chimeric_parent2=%i", head, tail );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:145:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout1 = fopen( name.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:16:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char base_mapping[128] = {0};
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:17:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char rev_comp_mapping[128] = {0};
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdes[200];
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:333:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout_rep = fopen( output.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:334:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout_clstr = fopen( cfile.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:338:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout_log = fopen( cfile.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:339:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout_clstr = fopen( cfile2.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:343:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout_log = fopen( cfile.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:344:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout_rep = fopen( output.Data(), "w" );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:78:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	if( s ) memcpy( data, s, n*sizeof(char) );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:84:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( data + size, s, n*sizeof(char) );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:179:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( data + size, s, n*sizeof(char) );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:186:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( data + size, s.data, s.size*sizeof(char) );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char enc[256];
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:312:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	if( m ) memcpy( padding.data, this->data + chunks*64, m*sizeof(char) );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[30];
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:349:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( s, "%i", i );
data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tag[50];
data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx:90:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( tag, ".contig.%i length=%i overlap=%i mismatch_no=%i", (i+1), n1+n2-O, O, error );
data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx:209:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( output.Data(), "w" );
data/cd-hit-4.8.1/cdhit-common.c++:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/cd-hit-4.8.1/cdhit-common.c++:124:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat( buf, "cdhit.temp." );
data/cd-hit-4.8.1/cdhit-common.c++:126:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf + len, "%p", this );
data/cd-hit-4.8.1/cdhit-common.c++:127:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		file = fopen( buf, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:213:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int intval = atoi( value );
data/cd-hit-4.8.1/cdhit-common.c++:277:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if( strcmp(flag, "-D") == 0 ){ max_indel = atoi(value); return true; }
data/cd-hit-4.8.1/cdhit-common.c++:280:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (strcmp(flag, "-t" ) == 0) tolerance = atoi(value);
data/cd-hit-4.8.1/cdhit-common.c++:281:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	else if (strcmp(flag, "-F" ) == 0) frag_size = atoi(value);
data/cd-hit-4.8.1/cdhit-common.c++:293:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	else if (strcmp(flag, "-S2") == 0) diff_cutoff_aa2 = atoi(value);
data/cd-hit-4.8.1/cdhit-common.c++:301:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (strcmp(flag, "-r" ) == 0) option_r  = atoi(value); 
data/cd-hit-4.8.1/cdhit-common.c++:302:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	else if (strcmp(flag, "-gap") == 0) mat.gap = MAX_SEQ * atoi(value);
data/cd-hit-4.8.1/cdhit-common.c++:303:66:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	else if (strcmp(flag, "-gap-ext") == 0) mat.ext_gap = MAX_SEQ * atoi(value);
data/cd-hit-4.8.1/cdhit-common.c++:304:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	else if (strcmp(flag, "-match") == 0) mat.set_match( atoi(value) );
data/cd-hit-4.8.1/cdhit-common.c++:305:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	else if (strcmp(flag, "-mismatch") == 0) mat.set_mismatch( atoi(value) );
data/cd-hit-4.8.1/cdhit-common.c++:321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[100];
data/cd-hit-4.8.1/cdhit-common.c++:962:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char AA[ MAX_SEQ ], BB[ MAX_SEQ ];
data/cd-hit-4.8.1/cdhit-common.c++:1151:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( "alignments.txt", "a" );
data/cd-hit-4.8.1/cdhit-common.c++:1489:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( this, & other, sizeof( Sequence ) );
data/cd-hit-4.8.1/cdhit-common.c++:1497:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( data, other.data, size );
data/cd-hit-4.8.1/cdhit-common.c++:1503:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( identifier, other.identifier, len );
data/cd-hit-4.8.1/cdhit-common.c++:1520:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( this, & other, sizeof( Sequence ) );
data/cd-hit-4.8.1/cdhit-common.c++:1530:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( data, other2.data, size_R2); // copy R2 first
data/cd-hit-4.8.1/cdhit-common.c++:1532:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( data+size_R2, other.data, size-size_R2 ); // copy R1 to end of R2
data/cd-hit-4.8.1/cdhit-common.c++:1544:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( identifier, other.identifier, len );
data/cd-hit-4.8.1/cdhit-common.c++:1575:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( data+m, s, n );
data/cd-hit-4.8.1/cdhit-common.c++:1587:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy( data, old, m );
data/cd-hit-4.8.1/cdhit-common.c++:1603:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy( data, old, m );
data/cd-hit-4.8.1/cdhit-common.c++:1623:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( & tmp, this, sizeof( Sequence ) );
data/cd-hit-4.8.1/cdhit-common.c++:1624:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( this, & other, sizeof( Sequence ) );
data/cd-hit-4.8.1/cdhit-common.c++:1625:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( & other, & tmp, sizeof( Sequence ) );
data/cd-hit-4.8.1/cdhit-common.c++:1794:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fin = fopen( file, "rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2048:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fin = fopen( file, "rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2049:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fin2= fopen( file2,"rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2309:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fin = fopen( db, "rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outfile[512];
data/cd-hit-4.8.1/cdhit-common.c++:2315:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( outfile, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2326:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fout = fopen( outfile, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2352:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( newdb, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2393:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fin = fopen( db, "rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2394:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( newdb, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2431:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( newdb, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2432:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout_pe = fopen( newdb_pe, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2517:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fin = fopen( db, "rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2518:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( newdb, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2519:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fin_pe = fopen( db_pe, "rb" );
data/cd-hit-4.8.1/cdhit-common.c++:2520:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout_pe = fopen( newdb_pe, "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2605:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout = fopen( db_clstr_bak.c_str(), "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2622:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fout = fopen( db_clstr.c_str(), "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2665:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fout = fopen( db_clstr_bak.c_str(), "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2684:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fout = fopen( db_clstr.c_str(), "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:2986:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char msg[200];
data/cd-hit-4.8.1/cdhit-common.c++:2987:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( msg, "not enough memory, please set -M option greater than %zu\n", 
data/cd-hit-4.8.1/cdhit-common.c++:3650:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fout = fopen( output.c_str(), "w+" );
data/cd-hit-4.8.1/cdhit-common.c++:3999:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char short_word[32]; //short_word[12] is enough
data/cd-hit-4.8.1/cdhit-common.h:125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy( items, other.items, other.size * sizeof(TYPE) );
data/cd-hit-4.8.1/cdhit-div.c++:44:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (strcmp(argv[i], "-div"  )==0) div    = atoi(argv[++i]);
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:100:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i, N = strlen( chs );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:159:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SetBytes( s, strlen(s) );
data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:177:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen( s );
data/cd-hit-4.8.1/cdhit-common.c++:114:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = dir ? strlen( dir ) : 0;
data/cd-hit-4.8.1/cdhit-common.c++:323:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen( date );
data/cd-hit-4.8.1/cdhit-common.c++:330:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n += strlen( argv[i] ) + 1;
data/cd-hit-4.8.1/cdhit-common.c++:333:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			n = strlen( argv[i] ) + 9;
data/cd-hit-4.8.1/cdhit-common.c++:482:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(seq);
data/cd-hit-4.8.1/cdhit-common.c++:1501:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen( other.identifier );
data/cd-hit-4.8.1/cdhit-common.c++:1542:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen( other.identifier );
data/cd-hit-4.8.1/cdhit-common.c++:1568:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Resize( strlen( s ) );
data/cd-hit-4.8.1/cdhit-common.c++:1573:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i, m = size, n = strlen( s );
data/cd-hit-4.8.1/cdhit-common.c++:1707:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1711:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1718:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1722:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1744:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1751:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1766:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            one.tot_length += strlen(buffer);  one += buffer;
data/cd-hit-4.8.1/cdhit-common.c++:1786:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int f_len = strlen(file);
data/cd-hit-4.8.1/cdhit-common.c++:1806:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1810:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1817:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1821:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1843:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1850:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1865:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            one.tot_length += strlen(buffer);  one += buffer;
data/cd-hit-4.8.1/cdhit-common.c++:1913:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer ); 
data/cd-hit-4.8.1/cdhit-common.c++:1917:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1924:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1928:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1934:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:1938:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:1945:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:1949:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:1981:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:1988:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:2007:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2011:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2019:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            one.tot_length += strlen(buffer);  one += buffer;
data/cd-hit-4.8.1/cdhit-common.c++:2020:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            two.tot_length+= strlen(buffer2); two+= buffer2;
data/cd-hit-4.8.1/cdhit-common.c++:2038:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int f_len = strlen(file);
data/cd-hit-4.8.1/cdhit-common.c++:2039:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int f_len2= strlen(file2);
data/cd-hit-4.8.1/cdhit-common.c++:2073:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer ); 
data/cd-hit-4.8.1/cdhit-common.c++:2077:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:2084:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:2088:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:2094:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2098:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2105:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2109:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2141:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:2148:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer );
data/cd-hit-4.8.1/cdhit-common.c++:2167:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2171:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len2 = strlen( buffer2 );
data/cd-hit-4.8.1/cdhit-common.c++:2179:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            one.tot_length += strlen(buffer);  one += buffer;
data/cd-hit-4.8.1/cdhit-common.c++:2180:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            two.tot_length+= strlen(buffer2); two+= buffer2;
data/cd-hit-4.8.1/cdhit-common.c++:2243:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if( seq->identifier ) total_desc += strlen( seq->identifier );
data/cd-hit-4.8.1/cdhit-common.c++:2387:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int f_len = strlen(db);
data/cd-hit-4.8.1/cdhit-common.c++:2511:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int f_len = strlen(db); 

ANALYSIS SUMMARY:

Hits = 163
Lines analyzed = 8936 in approximately 0.30 seconds (29320 lines/second)
Physical Source Lines of Code (SLOC) = 7505
Hits@level = [0] 290 [1]  60 [2]  89 [3]   1 [4]  13 [5]   0
Hits@level+ = [0+] 453 [1+] 163 [2+] 103 [3+]  14 [4+]  13 [5+]   0
Hits/KSLOC@level+ = [0+] 60.3598 [1+] 21.7189 [2+] 13.7242 [3+] 1.86542 [4+] 1.73218 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.