Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/daligner-1.0+git20200727.ed40ce5/DB.c
Examining data/daligner-1.0+git20200727.ed40ce5/DB.h
Examining data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAa2b.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAb2a.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAcat.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAcheck.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAdump.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAmerge.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAshow.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAsort.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAsplit.c
Examining data/daligner-1.0+git20200727.ed40ce5/QV.c
Examining data/daligner-1.0+git20200727.ed40ce5/QV.h
Examining data/daligner-1.0+git20200727.ed40ce5/align.c
Examining data/daligner-1.0+git20200727.ed40ce5/align.h
Examining data/daligner-1.0+git20200727.ed40ce5/daligner.c
Examining data/daligner-1.0+git20200727.ed40ce5/dumpLA.c
Examining data/daligner-1.0+git20200727.ed40ce5/filter.c
Examining data/daligner-1.0+git20200727.ed40ce5/filter.h
Examining data/daligner-1.0+git20200727.ed40ce5/lsd.sort.c
Examining data/daligner-1.0+git20200727.ed40ce5/lsd.sort.h

FINAL RESULTS:

data/daligner-1.0+git20200727.ed40ce5/DB.c:179:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:200:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sfx,"%s%d%s",left,num,right);
data/daligner-1.0+git20200727.ed40ce5/DB.c:223:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:244:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sfx,"%s%d%s",left,num,right);
data/daligner-1.0+git20200727.ed40ce5/DB.c:506:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:538:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbfile,DB_FDATA,&nread,buf1,buf2) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:554:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:557:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:567:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,stub->ublocks+i,stub->tblocks+i) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:604:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:609:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:617:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:620:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&ufirst,&tfirst) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:622:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&ulast,&tlast) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:761:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:766:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:770:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:781:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:793:15: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:797:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2363:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2381:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2392:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2413:16: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  (void) fscanf(istub,DB_NFILE,&nfiles);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2417:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2422:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2481:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2779:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(parse->slice,"%s/%s",parse->pwd,parse->root);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2781:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(parse->slice,"%s/%s%c%d-%d%s",parse->pwd,parse->root,BLOCK_SYMBOL,parse->next+1,
data/daligner-1.0+git20200727.ed40ce5/DB.c:2883:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2888:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.h:39:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define EPRINTF sprintf
data/daligner-1.0+git20200727.ed40ce5/DB.h:45:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define EPRINTF fprintf
data/daligner-1.0+git20200727.ed40ce5/DB.h:159:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { if (fprintf(file,__VA_ARGS__) < 0) \
data/daligner-1.0+git20200727.ed40ce5/DB.h:164:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { if (printf(__VA_ARGS__) < 0) \
data/daligner-1.0+git20200727.ed40ce5/DB.h:194:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(file,__VA_ARGS__) != Count_Args(#__VA_ARGS__)-1) \
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:200:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.00.MKDIR",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:215:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.01.OVL",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:237:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_ALIGN,NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:242:15: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_ALIGN,NTHREADS,(MINT*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:244:15: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_ALIGN,NTHREADS,(16*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:338:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.02.CHECK.OPT",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:350:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_CHECK,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:395:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.03.MERGE",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:409:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MERGE,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:461:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MERGE,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:491:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.04.RM.OPT",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:720:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.00.MKDIR",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:735:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.01.CMP",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:755:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MALIGN,NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:759:15: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MALIGN,NTHREADS,(MINT*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:761:15: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MALIGN,NTHREADS,(16*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:845:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.02.CHECK.OPT",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:858:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MCHECK,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:900:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.03.MERGE",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:912:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,HPC_MMERGE,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:945:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.04.RM",ONAME);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:324:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  com += sprintf(com," -P%s",TEMP_PATH);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:325:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  com += sprintf(com," %s/LM%d.P%d",TEMP_PATH,pid,i);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:329:23: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { com += sprintf(com," %s",Next_Block_Slice(parse,nfile[c]));
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:342:22: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  com += sprintf(com," %s",Next_Block_Slice(parse,n));
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:346:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:355:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  com += sprintf(com," %s %s/LM%d.P%c",argv[1],TEMP_PATH,pid,BLOCK_SYMBOL);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:356:7: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:358:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"rm %s/LM%d.P*.las",TEMP_PATH,pid);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:359:7: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:442:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"rm -r %s",SORT_PATH);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:443:7: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command) != 0)
data/daligner-1.0+git20200727.ed40ce5/daligner.c:640:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(newpath,"%s/daligner.%d",SORT_PATH,getpid());
data/daligner-1.0+git20200727.ed40ce5/daligner.c:694:6: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command) != 0) \
data/daligner-1.0+git20200727.ed40ce5/daligner.c:702:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"LAsort %s %s %s/%s.%s.N%c",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/daligner.c:706:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"LAmerge %s %s %s.%s.las %s/%s.%s.N%c.S",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/daligner.c:712:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(command,"LAsort %s %s %s/%s.%s.N%c",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/daligner.c:716:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"LAmerge %s %s %s.%s.las %s/%s.%s.N%c.S",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/filter.c:2566:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,aname,bname,i+1);
data/daligner-1.0+git20200727.ed40ce5/filter.c:2574:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,bname,aname,i+1);
data/daligner-1.0+git20200727.ed40ce5/filter.c:2642:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,aname,bname,i+1);
data/daligner-1.0+git20200727.ed40ce5/filter.c:2648:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,bname,aname,i+1);
data/daligner-1.0+git20200727.ed40ce5/DB.c:42:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ebuffer[1000];
data/daligner-1.0+git20200727.ed40ce5/DB.c:107:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name,mode)) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:334:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/daligner-1.0+git20200727.ed40ce5/DB.c:368:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'a', 'c', 'g', 't' };
data/daligner-1.0+git20200727.ed40ce5/DB.c:376:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'A', 'C', 'G', 'T' };
data/daligner-1.0+git20200727.ed40ce5/DB.c:384:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { '1', '2', '3', '4' };
data/daligner-1.0+git20200727.ed40ce5/DB.c:394:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char number[128] =
data/daligner-1.0+git20200727.ed40ce5/DB.c:419:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char arrow[128] =
data/daligner-1.0+git20200727.ed40ce5/DB.c:444:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char change[128] =
data/daligner-1.0+git20200727.ed40ce5/DB.c:482:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:483:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:592:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2*MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:728:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:740:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:758:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAX_NAME], prolog[MAX_NAME];
data/daligner-1.0+git20200727.ed40ce5/DB.c:1650:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1654:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(MyCatenate(db->path,".",track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1818:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1822:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(MyCatenate(db->path,".",track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1842:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfile = fopen(name,"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:2360:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/daligner-1.0+git20200727.ed40ce5/DB.c:2700:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(MyCatenate(parse->pwd,"/",disp,".las"),"r")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2867:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char buffer[2*MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:2873:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbfile = fopen(dbname,"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:2876:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbfile = fopen(dbname,"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:82:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:96:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbvis = fopen(Catenate(pwd,"/",root,".dam"),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:106:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buffer[30001]; data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:157:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { file = fopen(Catenate(pwd,"/",root,Numbered_Suffix(".",fblock-1,".las")),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:171:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(Catenate(pwd,"/",root,Numbered_Suffix(".",fblock,".las")),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:173:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(Catenate(pwd,"/",root,".las"),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:201:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:216:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:339:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:396:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:492:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:556:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:571:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbvis = fopen(Catenate(pwd1,"/",root1,".dam"),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:581:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buffer[30001]; data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:613:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbvis = fopen(Catenate(pwd2,"/",root2,".dam"),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:623:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buffer[30001]; data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:681:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { file = fopen(Catenate(src2,".",root1,Numbered_Suffix(".",fblock-1,".las")),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:691:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { file = fopen(Catenate(src2,".",root1,Numbered_Suffix(".",fblock,".las")),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:699:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
{ file = fopen(Catenate(src2,".",root1,".las"),"r"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:721:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:736:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:846:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:901:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:946:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
out = fopen(name,"w"); data/daligner-1.0+git20200727.ed40ce5/LAdump.c:121:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL) data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:304:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[clen], *com; data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:320:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. com += sprintf(com,"LAmerge"); data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:322:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. com += sprintf(com," -a"); data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:352:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. com += sprintf(com,"LAmerge"); data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:354:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
com += sprintf(com," -a"); data/daligner-1.0+git20200727.ed40ce5/LAshow.c:132:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL) data/daligner-1.0+git20200727.ed40ce5/align.c:3292:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' }; data/daligner-1.0+git20200727.ed40ce5/align.c:3293:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' }; data/daligner-1.0+git20200727.ed40ce5/dumpLA.c:37:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((output = fopen(Catenate(pwd,"/",root,".las"),"w")) == NULL) data/daligner-1.0+git20200727.ed40ce5/filter.c:1335:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(trk,apath->trace,apath->tlen*sizeof(uint16)); data/daligner-1.0+git20200727.ed40ce5/lsd.sort.c:85:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(trg+x,src+i,DSIZE); data/daligner-1.0+git20200727.ed40ce5/lsd.sort.c:92:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(trg+x,src+i,DSIZE); data/daligner-1.0+git20200727.ed40ce5/DB.c:147:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/daligner-1.0+git20200727.ed40ce5/DB.c:148:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/daligner-1.0+git20200727.ed40ce5/DB.c:167:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/daligner-1.0+git20200727.ed40ce5/DB.c:168:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/daligner-1.0+git20200727.ed40ce5/DB.c:169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/daligner-1.0+git20200727.ed40ce5/DB.c:170:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/daligner-1.0+git20200727.ed40ce5/DB.c:190:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(left); data/daligner-1.0+git20200727.ed40ce5/DB.c:191:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/daligner-1.0+git20200727.ed40ce5/DB.c:211:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/daligner-1.0+git20200727.ed40ce5/DB.c:212:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/daligner-1.0+git20200727.ed40ce5/DB.c:213:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/daligner-1.0+git20200727.ed40ce5/DB.c:214:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/daligner-1.0+git20200727.ed40ce5/DB.c:234:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left); data/daligner-1.0+git20200727.ed40ce5/DB.c:235:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/daligner-1.0+git20200727.ed40ce5/DB.c:697:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
plen = strlen(path); data/daligner-1.0+git20200727.ed40ce5/DB.c:1045:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(db->path)+1 data/daligner-1.0+git20200727.ed40ce5/DB.c:1060:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(t->name)+1 data/daligner-1.0+git20200727.ed40ce5/DB.c:1093:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/daligner-1.0+git20200727.ed40ce5/DB.c:1098:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/daligner-1.0+git20200727.ed40ce5/DB.c:1136:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/daligner-1.0+git20200727.ed40ce5/DB.c:1213:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/daligner-1.0+git20200727.ed40ce5/DB.c:1227:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(DAZZ_DB *db, int i, char *read, int ascii) data/daligner-1.0+git20200727.ed40ce5/DB.c:1240:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(read,(char *) bases + r[i].boff,len); data/daligner-1.0+git20200727.ed40ce5/DB.c:1240:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
strncpy(read,(char *) bases + r[i].boff,len); data/daligner-1.0+git20200727.ed40ce5/DB.c:1242:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (*read < 4) data/daligner-1.0+git20200727.ed40ce5/DB.c:1243:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1243:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1245:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1246:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Number_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1247:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1251:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (*read < 4) data/daligner-1.0+git20200727.ed40ce5/DB.c:1252:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1254:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Lower_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1256:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Upper_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1257:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1260:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1261:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ascii == 1) != islower(*read)) data/daligner-1.0+git20200727.ed40ce5/DB.c:1262:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Change_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1264:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1276:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/daligner-1.0+git20200727.ed40ce5/DB.c:1281:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1283:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1284:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1287:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1288:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1291:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[-1] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1303:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii) data/daligner-1.0+git20200727.ed40ce5/DB.c:1317:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(read,(char *) bases + r[i].boff + beg,len); data/daligner-1.0+git20200727.ed40ce5/DB.c:1317:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). strncpy(read,(char *) bases + r[i].boff + beg,len); data/daligner-1.0+git20200727.ed40ce5/DB.c:1319:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (*read < 4) data/daligner-1.0+git20200727.ed40ce5/DB.c:1320:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1320:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1322:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1323:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Number_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1324:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1328:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ if (*read < 4) data/daligner-1.0+git20200727.ed40ce5/DB.c:1329:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1331:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Lower_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1333:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Upper_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1334:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1337:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1338:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ascii == 1) != islower(*read)) data/daligner-1.0+git20200727.ed40ce5/DB.c:1339:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Change_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1341:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1343:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1356:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/daligner-1.0+git20200727.ed40ce5/DB.c:1361:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
Uncompress_Read(4*clen,read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1363:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[len] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1365:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1366:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1369:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1370:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/daligner-1.0+git20200727.ed40ce5/DB.c:1373:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/daligner-1.0+git20200727.ed40ce5/DB.c:1375:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/daligner-1.0+git20200727.ed40ce5/DB.c:1705:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DAZZ_READ read; data/daligner-1.0+git20200727.ed40ce5/DB.c:1731:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/daligner-1.0+git20200727.ed40ce5/DB.c:1736:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/daligner-1.0+git20200727.ed40ce5/DB.c:1736:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/daligner-1.0+git20200727.ed40ce5/DB.c:1750:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/daligner-1.0+git20200727.ed40ce5/DB.c:1755:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/daligner-1.0+git20200727.ed40ce5/DB.c:1755:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/daligner-1.0+git20200727.ed40ce5/DB.c:1770:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/daligner-1.0+git20200727.ed40ce5/DB.c:1775:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/daligner-1.0+git20200727.ed40ce5/DB.c:1775:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/daligner-1.0+git20200727.ed40ce5/DB.c:2034:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
{ strncpy(data,(void *) track->data + off,len); data/daligner-1.0+git20200727.ed40ce5/DB.c:2266:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(extra->name); data/daligner-1.0+git20200727.ed40ce5/DB.c:2426:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { DAZZ_READ read; data/daligner-1.0+git20200727.ed40ce5/DB.c:2429:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/daligner-1.0+git20200727.ed40ce5/DB.c:2434:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fseeko(quiva,read.coff,SEEK_SET); data/daligner-1.0+git20200727.ed40ce5/DB.c:2767:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30; data/daligner-1.0+git20200727.ed40ce5/DB.c:2767:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30; data/daligner-1.0+git20200727.ed40ce5/DB.c:2799:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { int len = strlen(arg); data/daligner-1.0+git20200727.ed40ce5/DB.h:537:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int Load_Read(DAZZ_DB *db, int i, char *read, int ascii); data/daligner-1.0+git20200727.ed40ce5/DB.h:546:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii); data/daligner-1.0+git20200727.ed40ce5/DB.h:573:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Arrow(DAZZ_DB *db, int i, char *read, int ascii); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:88:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0) data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:563:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0) data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:599:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0) data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1086:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1087:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1088:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[3]);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1089:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[4]);
data/daligner-1.0+git20200727.ed40ce5/LAcheck.c:177:25: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int equal;
data/daligner-1.0+git20200727.ed40ce5/LAcheck.c:343:21: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal)
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:246:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = 2*strlen(TEMP_PATH) + 50;
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:260:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen += strlen(path) + strlen(root) + 30;
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:260:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen += strlen(path) + strlen(root) + 30;
data/daligner-1.0+git20200727.ed40ce5/LAshow.c:96:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/daligner-1.0+git20200727.ed40ce5/LAsort.c:356:25: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  { int j, equal;
data/daligner-1.0+git20200727.ed40ce5/LAsort.c:377:25: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal)
data/daligner-1.0+git20200727.ed40ce5/LAsplit.c:68:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0)
data/daligner-1.0+git20200727.ed40ce5/QV.c:386:55: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen)
data/daligner-1.0+git20200727.ed40ce5/QV.c:428:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { x = read[k];
data/daligner-1.0+git20200727.ed40ce5/QV.c:448:72: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar)
data/daligner-1.0+git20200727.ed40ce5/QV.c:477:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (k < rlen && read[k] == rchar)
data/daligner-1.0+git20200727.ed40ce5/QV.c:489:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { x = read[k];
data/daligner-1.0+git20200727.ed40ce5/QV.c:510:52: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static int Decode(HScheme *scheme, FILE *in, char *read, int rlen)
data/daligner-1.0+git20200727.ed40ce5/QV.c:583:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:595:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:604:69: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read,
data/daligner-1.0+git20200727.ed40ce5/QV.c:650:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j++] = (char) rchar;
data/daligner-1.0+git20200727.ed40ce5/QV.c:661:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:675:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j++] = (char) rchar;
data/daligner-1.0+git20200727.ed40ce5/QV.c:686:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:770:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen = strlen(Read);
data/daligner-1.0+git20200727.ed40ce5/QV.c:782:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen += strlen(Read+rlen);
data/daligner-1.0+git20200727.ed40ce5/QV.c:792:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (rlen != (int) strlen(other))
data/daligner-1.0+git20200727.ed40ce5/QV.c:1195:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(coding->prefix);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:427:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/daligner-1.0+git20200727.ed40ce5/daligner.c:427:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/daligner-1.0+git20200727.ed40ce5/daligner.c:427:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/daligner-1.0+git20200727.ed40ce5/daligner.c:445:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Prog_Name,(int) strlen(Prog_Name),"",command);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:598:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:599:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:600:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[3]);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:637:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newpath = (char *) Malloc(strlen(SORT_PATH)+30,"Allocating sort path");
data/daligner-1.0+git20200727.ed40ce5/daligner.c:696:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Prog_Name,(int) strlen(Prog_Name),"",command); \
data/daligner-1.0+git20200727.ed40ce5/filter.c:87:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint32 read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:700:54: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  printf(" %9d: %6d%c / %6d / %016llx\n",i,c->read>>1,
data/daligner-1.0+git20200727.ed40ce5/filter.c:701:52: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c->read&0x1)?'c':'n',(c->rpos & POST_MASK),c->code);
data/daligner-1.0+git20200727.ed40ce5/filter.c:839:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ar = (asort[ia].read & ~0x1u);
data/daligner-1.0+git20200727.ed40ce5/filter.c:840:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (ka < ia && asort[ka].read < ar)
data/daligner-1.0+git20200727.ed40ce5/filter.c:954:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ar = (asort[ia].read & ~0x1u);
data/daligner-1.0+git20200727.ed40ce5/filter.c:955:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (ka < ia && asort[ka].read < ar)
data/daligner-1.0+git20200727.ed40ce5/filter.c:975:32: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { ar = asort[ka].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:980:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { br = asort[a].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1003:32: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { ar = asort[ka].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1008:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { br = asort[a].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1081:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { ar = asort[a].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1086:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { br = bsort[b].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:2265:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(aname) + strlen(bname) + 100;
data/daligner-1.0+git20200727.ed40ce5/filter.c:2265:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(aname) + strlen(bname) + 100;

ANALYSIS SUMMARY:

Hits = 292
Lines analyzed = 19256 in approximately 0.54 seconds (35449 lines/second)
Physical Source Lines of Code (SLOC) = 15254
Hits@level = [0] 937 [1] 152 [2] 62 [3] 0 [4] 78 [5] 0
Hits@level+ = [0+] 1229 [1+] 292 [2+] 140 [3+] 78 [4+] 78 [5+] 0
Hits/KSLOC@level+ = [0+] 80.569 [1+] 19.1425 [2+] 9.17792 [3+] 5.11341 [4+] 5.11341 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.