Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/daligner-1.0+git20200727.ed40ce5/DB.c
Examining data/daligner-1.0+git20200727.ed40ce5/DB.h
Examining data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAa2b.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAb2a.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAcat.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAcheck.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAdump.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAmerge.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAshow.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAsort.c
Examining data/daligner-1.0+git20200727.ed40ce5/LAsplit.c
Examining data/daligner-1.0+git20200727.ed40ce5/QV.c
Examining data/daligner-1.0+git20200727.ed40ce5/QV.h
Examining data/daligner-1.0+git20200727.ed40ce5/align.c
Examining data/daligner-1.0+git20200727.ed40ce5/align.h
Examining data/daligner-1.0+git20200727.ed40ce5/daligner.c
Examining data/daligner-1.0+git20200727.ed40ce5/dumpLA.c
Examining data/daligner-1.0+git20200727.ed40ce5/filter.c
Examining data/daligner-1.0+git20200727.ed40ce5/filter.h
Examining data/daligner-1.0+git20200727.ed40ce5/lsd.sort.c
Examining data/daligner-1.0+git20200727.ed40ce5/lsd.sort.h
FINAL RESULTS:
data/daligner-1.0+git20200727.ed40ce5/DB.c:179:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:200:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sfx,"%s%d%s",left,num,right);
data/daligner-1.0+git20200727.ed40ce5/DB.c:223:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:244:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sfx,"%s%d%s",left,num,right);
data/daligner-1.0+git20200727.ed40ce5/DB.c:506:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:538:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(dbfile,DB_FDATA,&nread,buf1,buf2) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:554:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:557:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:567:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_BDATA,stub->ublocks+i,stub->tblocks+i) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:604:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:609:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:617:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:620:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_BDATA,&ufirst,&tfirst) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:622:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_BDATA,&ulast,&tlast) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:761:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:766:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:770:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:781:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:793:15: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:797:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2363:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2381:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2392:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2413:16: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
(void) fscanf(istub,DB_NFILE,&nfiles);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2417:20: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2422:20: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2481:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2779:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parse->slice,"%s/%s",parse->pwd,parse->root);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2781:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parse->slice,"%s/%s%c%d-%d%s",parse->pwd,parse->root,BLOCK_SYMBOL,parse->next+1,
data/daligner-1.0+git20200727.ed40ce5/DB.c:2883:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2888:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.h:39:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define EPRINTF sprintf
data/daligner-1.0+git20200727.ed40ce5/DB.h:45:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define EPRINTF fprintf
data/daligner-1.0+git20200727.ed40ce5/DB.h:159:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ if (fprintf(file,__VA_ARGS__) < 0) \
data/daligner-1.0+git20200727.ed40ce5/DB.h:164:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ if (printf(__VA_ARGS__) < 0) \
data/daligner-1.0+git20200727.ed40ce5/DB.h:194:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(file,__VA_ARGS__) != Count_Args(#__VA_ARGS__)-1) \
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:200:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.00.MKDIR",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:215:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.01.OVL",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:237:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_ALIGN,NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:242:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_ALIGN,NTHREADS,(MINT*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:244:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_ALIGN,NTHREADS,(16*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:338:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"%s.02.CHECK.OPT",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:350:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_CHECK,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:395:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.03.MERGE",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:409:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MERGE,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:461:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MERGE,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:491:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"%s.04.RM.OPT",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:720:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.00.MKDIR",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:735:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.01.CMP",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:755:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MALIGN,NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:759:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MALIGN,NTHREADS,(MINT*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:761:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MALIGN,NTHREADS,(16*1024)/NTHREADS,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:845:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"%s.02.CHECK.OPT",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:858:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MCHECK,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:900:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.03.MERGE",ONAME);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:912:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_MMERGE,jobid++);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:945:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"%s.04.RM",ONAME);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:324:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
com += sprintf(com," -P%s",TEMP_PATH);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:325:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
com += sprintf(com," %s/LM%d.P%d",TEMP_PATH,pid,i);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:329:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ com += sprintf(com," %s",Next_Block_Slice(parse,nfile[c]));
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:342:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
com += sprintf(com," %s",Next_Block_Slice(parse,n));
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:346:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:355:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
com += sprintf(com," %s %s/LM%d.P%c",argv[1],TEMP_PATH,pid,BLOCK_SYMBOL);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:356:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:358:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"rm %s/LM%d.P*.las",TEMP_PATH,pid);
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:359:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:442:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"rm -r %s",SORT_PATH);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:443:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0)
data/daligner-1.0+git20200727.ed40ce5/daligner.c:640:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newpath,"%s/daligner.%d",SORT_PATH,getpid());
data/daligner-1.0+git20200727.ed40ce5/daligner.c:694:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0) \
data/daligner-1.0+git20200727.ed40ce5/daligner.c:702:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"LAsort %s %s %s/%s.%s.N%c",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/daligner.c:706:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"LAmerge %s %s %s.%s.las %s/%s.%s.N%c.S",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/daligner.c:712:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(command,"LAsort %s %s %s/%s.%s.N%c",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/daligner.c:716:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"LAmerge %s %s %s.%s.las %s/%s.%s.N%c.S",VERBOSE?"-v":"",
data/daligner-1.0+git20200727.ed40ce5/filter.c:2566:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,aname,bname,i+1);
data/daligner-1.0+git20200727.ed40ce5/filter.c:2574:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,bname,aname,i+1);
data/daligner-1.0+git20200727.ed40ce5/filter.c:2642:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,aname,bname,i+1);
data/daligner-1.0+git20200727.ed40ce5/filter.c:2648:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(fname,"%s/%s.%s.N%d.las",SORT_PATH,bname,aname,i+1);
data/daligner-1.0+git20200727.ed40ce5/DB.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Ebuffer[1000];
data/daligner-1.0+git20200727.ed40ce5/DB.c:107:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(name,mode)) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:334:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/daligner-1.0+git20200727.ed40ce5/DB.c:368:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char letter[4] = { 'a', 'c', 'g', 't' };
data/daligner-1.0+git20200727.ed40ce5/DB.c:376:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char letter[4] = { 'A', 'C', 'G', 'T' };
data/daligner-1.0+git20200727.ed40ce5/DB.c:384:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char letter[4] = { '1', '2', '3', '4' };
data/daligner-1.0+git20200727.ed40ce5/DB.c:394:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char number[128] =
data/daligner-1.0+git20200727.ed40ce5/DB.c:419:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char arrow[128] =
data/daligner-1.0+git20200727.ed40ce5/DB.c:444:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char change[128] =
data/daligner-1.0+git20200727.ed40ce5/DB.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2*MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:728:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbvis = fopen(cat,"r")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:740:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbvis = fopen(cat,"r")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:758:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_NAME], prolog[MAX_NAME];
data/daligner-1.0+git20200727.ed40ce5/DB.c:1650:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1654:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,".",track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1818:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1822:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,".",track,".anno"),"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:1842:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfile = fopen(name,"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:2360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prolog[MAX_NAME], fname[MAX_NAME];
data/daligner-1.0+git20200727.ed40ce5/DB.c:2700:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input = fopen(MyCatenate(parse->pwd,"/",disp,".las"),"r")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2867:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[2*MAX_NAME+100];
data/daligner-1.0+git20200727.ed40ce5/DB.c:2873:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbfile = fopen(dbname,"r");
data/daligner-1.0+git20200727.ed40ce5/DB.c:2876:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbfile = fopen(dbname,"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:96:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbvis = fopen(Catenate(pwd,"/",root,".dam"),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:106:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[30001];
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:157:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(pwd,"/",root,Numbered_Suffix(".",fblock-1,".las")),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:171:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(Catenate(pwd,"/",root,Numbered_Suffix(".",fblock,".las")),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:173:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(Catenate(pwd,"/",root,".las"),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:201:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:216:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:339:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:396:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:492:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:571:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbvis = fopen(Catenate(pwd1,"/",root1,".dam"),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:581:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[30001];
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:613:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbvis = fopen(Catenate(pwd2,"/",root2,".dam"),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:623:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[30001];
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:681:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(src2,".",root1,Numbered_Suffix(".",fblock-1,".las")),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:691:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(src2,".",root1,Numbered_Suffix(".",fblock,".las")),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:699:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(src2,".",root1,".las"),"r");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:721:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:736:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:846:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:901:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:946:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/daligner-1.0+git20200727.ed40ce5/LAdump.c:121:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL)
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:304:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[clen], *com;
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:320:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
com += sprintf(com,"LAmerge");
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:322:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
com += sprintf(com," -a");
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:352:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
com += sprintf(com,"LAmerge");
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:354:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
com += sprintf(com," -a");
data/daligner-1.0+git20200727.ed40ce5/LAshow.c:132:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL)
data/daligner-1.0+git20200727.ed40ce5/align.c:3292:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' };
data/daligner-1.0+git20200727.ed40ce5/align.c:3293:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' };
data/daligner-1.0+git20200727.ed40ce5/dumpLA.c:37:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((output = fopen(Catenate(pwd,"/",root,".las"),"w")) == NULL)
data/daligner-1.0+git20200727.ed40ce5/filter.c:1335:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trk,apath->trace,apath->tlen*sizeof(uint16));
data/daligner-1.0+git20200727.ed40ce5/lsd.sort.c:85:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trg+x,src+i,DSIZE);
data/daligner-1.0+git20200727.ed40ce5/lsd.sort.c:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trg+x,src+i,DSIZE);
data/daligner-1.0+git20200727.ed40ce5/DB.c:147:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ epos = strlen(find);
data/daligner-1.0+git20200727.ed40ce5/DB.c:148:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
epos -= strlen(suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/daligner-1.0+git20200727.ed40ce5/DB.c:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(sep);
data/daligner-1.0+git20200727.ed40ce5/DB.c:169:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(root);
data/daligner-1.0+git20200727.ed40ce5/DB.c:170:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:190:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(left);
data/daligner-1.0+git20200727.ed40ce5/DB.c:191:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(right) + 40;
data/daligner-1.0+git20200727.ed40ce5/DB.c:211:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/daligner-1.0+git20200727.ed40ce5/DB.c:212:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(sep);
data/daligner-1.0+git20200727.ed40ce5/DB.c:213:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(root);
data/daligner-1.0+git20200727.ed40ce5/DB.c:214:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(suffix);
data/daligner-1.0+git20200727.ed40ce5/DB.c:234:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(left);
data/daligner-1.0+git20200727.ed40ce5/DB.c:235:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(right) + 40;
data/daligner-1.0+git20200727.ed40ce5/DB.c:697:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(path);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1045:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(db->path)+1
data/daligner-1.0+git20200727.ed40ce5/DB.c:1060:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(t->name)+1
data/daligner-1.0+git20200727.ed40ce5/DB.c:1093:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(path);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1098:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(root);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1136:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(name);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1213:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ char *read;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1227:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Load_Read(DAZZ_DB *db, int i, char *read, int ascii)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1240:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read,(char *) bases + r[i].boff,len);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1240:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strncpy(read,(char *) bases + r[i].boff,len);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1242:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1243:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1243:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1245:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1246:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Number_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1247:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1251:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1252:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1254:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Lower_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1256:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Upper_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1257:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1260:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1261:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ascii == 1) != islower(*read))
data/daligner-1.0+git20200727.ed40ce5/DB.c:1262:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Change_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1264:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1276:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(read,clen,1,bases) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1281:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Uncompress_Read(len,read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1283:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Lower_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1284:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1287:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Upper_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1288:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1291:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1303:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1317:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read,(char *) bases + r[i].boff + beg,len);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1317:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strncpy(read,(char *) bases + r[i].boff + beg,len);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1319:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1320:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1320:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1322:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1323:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Number_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1324:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1328:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1329:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1331:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Lower_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1333:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Upper_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1334:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1337:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1338:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ascii == 1) != islower(*read))
data/daligner-1.0+git20200727.ed40ce5/DB.c:1339:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Change_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1341:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1343:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1356:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(read,clen,1,bases) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1361:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Uncompress_Read(4*clen,read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1363:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[len] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1365:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Lower_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1366:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1369:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Upper_Read(read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1370:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/daligner-1.0+git20200727.ed40ce5/DB.c:1373:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1375:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (read);
data/daligner-1.0+git20200727.ed40ce5/DB.c:1705:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DAZZ_READ read;
data/daligner-1.0+git20200727.ed40ce5/DB.c:1731:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1736:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1736:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1750:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1755:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1755:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1770:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1775:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/daligner-1.0+git20200727.ed40ce5/DB.c:1775:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2034:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(data,(void *) track->data + off,len);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2266:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(extra->name);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2426:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ DAZZ_READ read;
data/daligner-1.0+git20200727.ed40ce5/DB.c:2429:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/daligner-1.0+git20200727.ed40ce5/DB.c:2434:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fseeko(quiva,read.coff,SEEK_SET);
data/daligner-1.0+git20200727.ed40ce5/DB.c:2767:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30;
data/daligner-1.0+git20200727.ed40ce5/DB.c:2767:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30;
data/daligner-1.0+git20200727.ed40ce5/DB.c:2799:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int len = strlen(arg);
data/daligner-1.0+git20200727.ed40ce5/DB.h:537:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Load_Read(DAZZ_DB *db, int i, char *read, int ascii);
data/daligner-1.0+git20200727.ed40ce5/DB.h:546:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii);
data/daligner-1.0+git20200727.ed40ce5/DB.h:573:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Load_Arrow(DAZZ_DB *db, int i, char *read, int ascii);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:88:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0)
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:563:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0)
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:599:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0)
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1086:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1087:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1088:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[3]);
data/daligner-1.0+git20200727.ed40ce5/HPC.daligner.c:1089:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[4]);
data/daligner-1.0+git20200727.ed40ce5/LAcheck.c:177:25: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int equal;
data/daligner-1.0+git20200727.ed40ce5/LAcheck.c:343:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:246:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = 2*strlen(TEMP_PATH) + 50;
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:260:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen += strlen(path) + strlen(root) + 30;
data/daligner-1.0+git20200727.ed40ce5/LAmerge.c:260:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen += strlen(path) + strlen(root) + 30;
data/daligner-1.0+git20200727.ed40ce5/LAshow.c:96:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/daligner-1.0+git20200727.ed40ce5/LAsort.c:356:25: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
{ int j, equal;
data/daligner-1.0+git20200727.ed40ce5/LAsort.c:377:25: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/daligner-1.0+git20200727.ed40ce5/LAsplit.c:68:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0)
data/daligner-1.0+git20200727.ed40ce5/QV.c:386:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen)
data/daligner-1.0+git20200727.ed40ce5/QV.c:428:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ x = read[k];
data/daligner-1.0+git20200727.ed40ce5/QV.c:448:72: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar)
data/daligner-1.0+git20200727.ed40ce5/QV.c:477:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (k < rlen && read[k] == rchar)
data/daligner-1.0+git20200727.ed40ce5/QV.c:489:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ x = read[k];
data/daligner-1.0+git20200727.ed40ce5/QV.c:510:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int Decode(HScheme *scheme, FILE *in, char *read, int rlen)
data/daligner-1.0+git20200727.ed40ce5/QV.c:583:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:595:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:604:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read,
data/daligner-1.0+git20200727.ed40ce5/QV.c:650:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j++] = (char) rchar;
data/daligner-1.0+git20200727.ed40ce5/QV.c:661:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:675:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j++] = (char) rchar;
data/daligner-1.0+git20200727.ed40ce5/QV.c:686:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/daligner-1.0+git20200727.ed40ce5/QV.c:770:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(Read);
data/daligner-1.0+git20200727.ed40ce5/QV.c:782:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen += strlen(Read+rlen);
data/daligner-1.0+git20200727.ed40ce5/QV.c:792:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rlen != (int) strlen(other))
data/daligner-1.0+git20200727.ed40ce5/QV.c:1195:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(coding->prefix);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:427:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/daligner-1.0+git20200727.ed40ce5/daligner.c:427:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/daligner-1.0+git20200727.ed40ce5/daligner.c:427:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/daligner-1.0+git20200727.ed40ce5/daligner.c:445:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Prog_Name,(int) strlen(Prog_Name),"",command);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:598:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:599:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:600:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[3]);
data/daligner-1.0+git20200727.ed40ce5/daligner.c:637:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = (char *) Malloc(strlen(SORT_PATH)+30,"Allocating sort path");
data/daligner-1.0+git20200727.ed40ce5/daligner.c:696:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Prog_Name,(int) strlen(Prog_Name),"",command); \
data/daligner-1.0+git20200727.ed40ce5/filter.c:87:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32 read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:700:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf(" %9d: %6d%c / %6d / %016llx\n",i,c->read>>1,
data/daligner-1.0+git20200727.ed40ce5/filter.c:701:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c->read&0x1)?'c':'n',(c->rpos & POST_MASK),c->code);
data/daligner-1.0+git20200727.ed40ce5/filter.c:839:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ar = (asort[ia].read & ~0x1u);
data/daligner-1.0+git20200727.ed40ce5/filter.c:840:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (ka < ia && asort[ka].read < ar)
data/daligner-1.0+git20200727.ed40ce5/filter.c:954:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ar = (asort[ia].read & ~0x1u);
data/daligner-1.0+git20200727.ed40ce5/filter.c:955:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (ka < ia && asort[ka].read < ar)
data/daligner-1.0+git20200727.ed40ce5/filter.c:975:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ ar = asort[ka].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:980:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ br = asort[a].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1003:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ ar = asort[ka].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1008:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ br = asort[a].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1081:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ ar = asort[a].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:1086:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ br = bsort[b].read;
data/daligner-1.0+git20200727.ed40ce5/filter.c:2265:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(aname) + strlen(bname) + 100;
data/daligner-1.0+git20200727.ed40ce5/filter.c:2265:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(aname) + strlen(bname) + 100;
ANALYSIS SUMMARY:
Hits = 292
Lines analyzed = 19256 in approximately 0.54 seconds (35449 lines/second)
Physical Source Lines of Code (SLOC) = 15254
Hits@level = [0] 937 [1] 152 [2] 62 [3] 0 [4] 78 [5] 0
Hits@level+ = [0+] 1229 [1+] 292 [2+] 140 [3+] 78 [4+] 78 [5+] 0
Hits/KSLOC@level+ = [0+] 80.569 [1+] 19.1425 [2+] 9.17792 [3+] 5.11341 [4+] 5.11341 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.