Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dazzdb-1.0+git20200727.d22ae58/Catrack.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DAM2fasta.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DB.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DB.h
Examining data/dazzdb-1.0+git20200727.d22ae58/DB2arrow.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DB2fasta.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DB2quiva.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBa2b.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBb2a.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBdump.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBdust.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBmv.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBrm.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBshow.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBsplit.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBstats.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBtrim.c
Examining data/dazzdb-1.0+git20200727.d22ae58/DBwipe.c
Examining data/dazzdb-1.0+git20200727.d22ae58/QV.c
Examining data/dazzdb-1.0+git20200727.d22ae58/QV.h
Examining data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c
Examining data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c
Examining data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c
Examining data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c
Examining data/dazzdb-1.0+git20200727.d22ae58/rangen.c
Examining data/dazzdb-1.0+git20200727.d22ae58/simulator.c

FINAL RESULTS:

data/dazzdb-1.0+git20200727.d22ae58/DB.c:179:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:200:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sfx,"%s%d%s",left,num,right);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:223:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:244:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sfx,"%s%d%s",left,num,right);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:506:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:538:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbfile,DB_FDATA,&nread,buf1,buf2) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:554:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:557:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:567:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,stub->ublocks+i,stub->tblocks+i) != 2)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:604:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:609:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:617:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:620:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&ufirst,&tfirst) != 2)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:622:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&ulast,&tlast) != 2)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:761:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:766:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:770:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:781:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:793:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:797:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2363:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2381:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2392:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2413:16: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  (void) fscanf(istub,DB_NFILE,&nfiles);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2417:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2422:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2481:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2779:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(parse->slice,"%s/%s",parse->pwd,parse->root);
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2781:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(parse->slice,"%s/%s%c%d-%d%s",parse->pwd,parse->root,BLOCK_SYMBOL,parse->next+1,
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2883:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.c:2888:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/dazzdb-1.0+git20200727.d22ae58/DB.h:39:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define EPRINTF sprintf
data/dazzdb-1.0+git20200727.d22ae58/DB.h:45:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define EPRINTF fprintf
data/dazzdb-1.0+git20200727.d22ae58/DB.h:159:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { if (fprintf(file,__VA_ARGS__) < 0) \
data/dazzdb-1.0+git20200727.d22ae58/DB.h:164:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { if (printf(__VA_ARGS__) < 0) \
data/dazzdb-1.0+git20200727.d22ae58/DB.h:194:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(file,__VA_ARGS__) != Count_Args(#__VA_ARGS__)-1) \
data/dazzdb-1.0+git20200727.d22ae58/DB2arrow.c:140:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lname,fname);
data/dazzdb-1.0+git20200727.d22ae58/DB2fasta.c:138:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lname,fname);
data/dazzdb-1.0+git20200727.d22ae58/DB2quiva.c:142:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lname,fname);
data/dazzdb-1.0+git20200727.d22ae58/DBa2b.c:35:17: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf(" %s",mname[mno]);
data/dazzdb-1.0+git20200727.d22ae58/DBa2b.c:80:11: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf(" %s",buffer[(int) code]);
data/dazzdb-1.0+git20200727.d22ae58/DBa2b.c:93:11: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf(" %s",buffer[(int) code]);
data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:38:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s%s",path,sep1,root,sep2,suffix);
data/dazzdb-1.0+git20200727.d22ae58/DBtrim.c:221:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(dbfile,DB_BDATA,0,0);
data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:163:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:240:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:283:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:320:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lname,fname);
data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:321:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:270:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_NFILE,&ofiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:302:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NFILE,ofiles+ifiles);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:308:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:315:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_FDATA,last,fname,prolog);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:521:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_FDATA,ureads,core,core);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:569:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NBLOCK,&nblock) != 1)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:574:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NBLOCK,0);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:575:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_PARAMS,&size,&cutoff,&allflag) != 3)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:579:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_PARAMS,size,cutoff,allflag);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:587:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_BDATA,&ufirst,&tfirst) != 2)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:591:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_BDATA,ufirst,tfirst);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:621:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { fprintf(ostub,DB_BDATA,ureads,tfirst);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:629:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NBLOCK,nblock); // Rewind and record the new number of blocks
data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:635:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NFILE,ofiles);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:263:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_NFILE,&ocells) != 1)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:298:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (fprintf(ostub,DB_NFILE,ocells+ifiles) < 0) // Will write again with correct value at end
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:307:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:317:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (fprintf(ostub,DB_FDATA,last,fname,prolog) < 0)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:454:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prolog,read+1);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:459:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prolog,read+1);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:490:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { fprintf(ostub,DB_FDATA,ureads,core,prolog);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:492:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prolog,read+(rlen+1));
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:601:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_FDATA,ureads,core,prolog);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:650:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NBLOCK,&nblock) != 1)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:655:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NBLOCK,0);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:656:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_PARAMS,&size,&cutoff,&allflag) != 3)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:660:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_PARAMS,size,cutoff,allflag);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:668:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_BDATA,&ufirst,&tfirst) != 2)
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:672:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_BDATA,ufirst,tfirst);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:702:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { fprintf(ostub,DB_BDATA,ureads,tfirst);
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:709:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NBLOCK,nblock); // Rewind and record the new number of blocks
data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:718:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostub,DB_NFILE,ocells);
data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:169:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:248:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:295:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:332:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lname,fname);
data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:333:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/dazzdb-1.0+git20200727.d22ae58/rangen.c:52:13: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { x = drand48();
data/dazzdb-1.0+git20200727.d22ae58/rangen.c:66:13: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { x = drand48();
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:265:19: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { x = drand48();
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:366:40: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  scf = bin_search(nscaffs,weights,drand48()) - 1; // Pick a scaffold with probabilitye
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:369:13: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  uni = drand48();
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:377:21: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  rbeg = (int) (drand48()*slen); // Pick a spot for read start
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:381:15: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { if (drand48() < .5) // Pick direction and trim if necessary
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:408:22: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { double x = drand48();
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:430:24: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  while ((len+1) * drand48() < ins)
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:431:29: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { *t++ = (char) (4.*drand48());
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:435:21: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { if (len * drand48() >= sdl)
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:437:26: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  else if (sdl * drand48() >= del)
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:438:29: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { double x = 3.*drand48();
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:451:24: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  while (len * drand48() < ins)
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:452:33: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  { *t++ = (char) (4.*drand48());
data/dazzdb-1.0+git20200727.d22ae58/simulator.c:458:11: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (drand48() >= FLIP_RATE) // Complement the string with probability FLIP_RATE.
data/dazzdb-1.0+git20200727.d22ae58/Catrack.c:106:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1024];
data/dazzdb-1.0+git20200727.d22ae58/Catrack.c:120:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aout = fopen(Catenate(prefix,argv[c],".","anno"),"r");
data/dazzdb-1.0+git20200727.d22ae58/Catrack.c:129:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dout = fopen(Catenate(prefix,argv[c],".","data"),"r");
data/dazzdb-1.0+git20200727.d22ae58/Catrack.c:168:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  afile = fopen(afile_name,"r");
data/dazzdb-1.0+git20200727.d22ae58/Catrack.c:174:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
dfile = fopen(dfile_name,"r"); data/dazzdb-1.0+git20200727.d22ae58/DAM2fasta.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nstring[WIDTH+1]; data/dazzdb-1.0+git20200727.d22ae58/DAM2fasta.c:124:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME], header[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Ebuffer[1000]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:107:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(name,mode)) == NULL) data/dazzdb-1.0+git20200727.d22ae58/DB.c:334:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]); data/dazzdb-1.0+git20200727.d22ae58/DB.c:368:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char letter[4] = { 'a', 'c', 'g', 't' }; data/dazzdb-1.0+git20200727.d22ae58/DB.c:376:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char letter[4] = { 'A', 'C', 'G', 'T' }; data/dazzdb-1.0+git20200727.d22ae58/DB.c:384:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char letter[4] = { '1', '2', '3', '4' }; data/dazzdb-1.0+git20200727.d22ae58/DB.c:394:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char number[128] = data/dazzdb-1.0+git20200727.d22ae58/DB.c:419:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char arrow[128] = data/dazzdb-1.0+git20200727.d22ae58/DB.c:444:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
{ static char change[128] = data/dazzdb-1.0+git20200727.d22ae58/DB.c:482:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[MAX_NAME+100]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[MAX_NAME+100]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:592:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2*MAX_NAME+100]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:728:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dbvis = fopen(cat,"r")) == NULL) data/dazzdb-1.0+git20200727.d22ae58/DB.c:740:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dbvis = fopen(cat,"r")) == NULL) data/dazzdb-1.0+git20200727.d22ae58/DB.c:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAX_NAME], prolog[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1650:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r"); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1654:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(MyCatenate(db->path,".",track,".anno"),"r"); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1818:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r"); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1822:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(MyCatenate(db->path,".",track,".anno"),"r"); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1842:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
dfile = fopen(name,"r"); data/dazzdb-1.0+git20200727.d22ae58/DB.c:2360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:2700:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((input = fopen(MyCatenate(parse->pwd,"/",disp,".las"),"r")) == NULL) data/dazzdb-1.0+git20200727.d22ae58/DB.c:2867:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buffer[2*MAX_NAME+100]; data/dazzdb-1.0+git20200727.d22ae58/DB.c:2873:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbfile = fopen(dbname,"r"); data/dazzdb-1.0+git20200727.d22ae58/DB.c:2876:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbfile = fopen(dbname,"r"); data/dazzdb-1.0+git20200727.d22ae58/DB2arrow.c:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB2arrow.c:105:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB2fasta.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB2fasta.c:103:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB2quiva.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DB2quiva.c:105:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DBa2b.c:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buffer[256]; data/dazzdb-1.0+git20200727.d22ae58/DBb2a.c:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buffer[256]; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:50:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char nbuffer[MAX_BUFFER]; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:567:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char header[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:655:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qvname[5] = { 'd', 'c', 'i', 'm', 's' }; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:730:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char header[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:129:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((afile = fopen(fname,"r+")) == NULL || db->part > 0) data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:55:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char nbuffer[MAX_BUFFER]; data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:511:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char header[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/DBsplit.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2*MAX_NAME+100]; data/dazzdb-1.0+git20200727.d22ae58/DBtrim.c:115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[2*MAX_NAME+100]; data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:63:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char nbuffer[MAX_NAME+8]; data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:126:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). INFILE = fopen(argv[i]+2,"r"); data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:211:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:230:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char number[128] = data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:86:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char nbuffer[MAX_NAME+8]; data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:154:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). IFILE = fopen(argv[i]+2,"r"); data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:165:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). temp = fopen(PIPE,"w"); data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:250:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). istub = fopen(dbname,"r"); data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:306:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char number[128] = data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:86:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char nbuffer[MAX_NAME+8]; data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:154:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). IFILE = fopen(argv[i]+2,"r"); data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:165:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). temp = fopen(PIPE,"w"); data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:248:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). istub = fopen(dbname,"r"); data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:305:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:362:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:63:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char nbuffer[MAX_NAME+8]; data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:129:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). INFILE = fopen(argv[i]+2,"r"); data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:238:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char prolog[MAX_NAME], fname[MAX_NAME]; data/dazzdb-1.0+git20200727.d22ae58/Catrack.c:72:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(argv[1]); data/dazzdb-1.0+git20200727.d22ae58/DAM2fasta.c:106:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
char *read; data/dazzdb-1.0+git20200727.d22ae58/DAM2fasta.c:188:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/dazzdb-1.0+git20200727.d22ae58/DB.c:147:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/dazzdb-1.0+git20200727.d22ae58/DB.c:148:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DB.c:167:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/dazzdb-1.0+git20200727.d22ae58/DB.c:168:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/dazzdb-1.0+git20200727.d22ae58/DB.c:169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/dazzdb-1.0+git20200727.d22ae58/DB.c:170:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DB.c:190:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(left); data/dazzdb-1.0+git20200727.d22ae58/DB.c:191:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/dazzdb-1.0+git20200727.d22ae58/DB.c:211:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/dazzdb-1.0+git20200727.d22ae58/DB.c:212:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/dazzdb-1.0+git20200727.d22ae58/DB.c:213:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/dazzdb-1.0+git20200727.d22ae58/DB.c:214:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DB.c:234:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left); data/dazzdb-1.0+git20200727.d22ae58/DB.c:235:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/dazzdb-1.0+git20200727.d22ae58/DB.c:697:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
plen = strlen(path); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1045:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(db->path)+1 data/dazzdb-1.0+git20200727.d22ae58/DB.c:1060:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(t->name)+1 data/dazzdb-1.0+git20200727.d22ae58/DB.c:1093:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1098:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1136:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1213:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1227:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(DAZZ_DB *db, int i, char *read, int ascii) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1240:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(read,(char *) bases + r[i].boff,len); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1240:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
strncpy(read,(char *) bases + r[i].boff,len); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1242:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (*read < 4) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1243:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1243:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1245:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1246:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Number_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1247:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1251:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (*read < 4) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1252:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1254:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Lower_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1256:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Upper_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1257:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1260:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1261:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ascii == 1) != islower(*read)) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1262:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Change_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1264:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1276:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1281:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1283:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1284:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1287:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1288:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1291:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[-1] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1303:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1317:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(read,(char *) bases + r[i].boff + beg,len); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1317:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). strncpy(read,(char *) bases + r[i].boff + beg,len); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1319:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (*read < 4) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1320:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1320:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1322:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1323:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Number_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1324:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1328:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ if (*read < 4) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1329:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1331:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Lower_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1333:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Upper_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1334:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1337:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { read[len] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1338:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ascii == 1) != islower(*read)) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1339:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Change_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1341:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1343:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1356:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1361:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
Uncompress_Read(4*clen,read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1363:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[len] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1365:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1366:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1369:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1370:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1373:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1375:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/dazzdb-1.0+git20200727.d22ae58/DB.c:1705:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DAZZ_READ read; data/dazzdb-1.0+git20200727.d22ae58/DB.c:1731:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1736:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1736:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1750:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1755:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1755:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1770:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1775:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/dazzdb-1.0+git20200727.d22ae58/DB.c:1775:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/dazzdb-1.0+git20200727.d22ae58/DB.c:2034:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(data,(void *) track->data + off,len); data/dazzdb-1.0+git20200727.d22ae58/DB.c:2266:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(extra->name); data/dazzdb-1.0+git20200727.d22ae58/DB.c:2426:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ DAZZ_READ read; data/dazzdb-1.0+git20200727.d22ae58/DB.c:2429:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1) data/dazzdb-1.0+git20200727.d22ae58/DB.c:2434:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fseeko(quiva,read.coff,SEEK_SET); data/dazzdb-1.0+git20200727.d22ae58/DB.c:2767:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30; data/dazzdb-1.0+git20200727.d22ae58/DB.c:2767:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30; data/dazzdb-1.0+git20200727.d22ae58/DB.c:2799:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { int len = strlen(arg); data/dazzdb-1.0+git20200727.d22ae58/DB.h:537:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(DAZZ_DB *db, int i, char *read, int ascii); data/dazzdb-1.0+git20200727.d22ae58/DB.h:546:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii); data/dazzdb-1.0+git20200727.d22ae58/DB.h:573:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int Load_Arrow(DAZZ_DB *db, int i, char *read, int ascii); data/dazzdb-1.0+git20200727.d22ae58/DB2arrow.c:96:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/dazzdb-1.0+git20200727.d22ae58/DB2arrow.c:164:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Arrow(db,i,read,1); data/dazzdb-1.0+git20200727.d22ae58/DB2fasta.c:94:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/dazzdb-1.0+git20200727.d22ae58/DB2fasta.c:158:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:34:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:66:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = sscanf(nbuffer," %d %d %d",&(it->read),&(it->beg),&(it->end)); data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:164:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:516:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = iter->read; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:553:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
{ ten = strlen(ffile[map+1]); data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:571:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header[strlen(header)-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:572:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ten = strlen(header); data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:580:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ten = strlen(fhead[map]); data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:631:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PRINTF("@ T%d %lld %ld %s\n",m,trkmax[m],strlen(MASK[m]),MASK[m]) data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:651:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, *arrow, **entry; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:682:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = iter->read; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:721:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { PRINTF("F %ld %s\n",strlen(ffile[map+1]),ffile[map+1]) data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:734:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
header[strlen(header)-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:735:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PRINTF("H %ld %s\n",strlen(header),header) data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:741:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PRINTF("H %ld %s\n",strlen(fhead[map]),fhead[map]) data/dazzdb-1.0+git20200727.d22ae58/DBdump.c:763:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:166:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, *lag2; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:209:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,0); data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:211:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = (read[0] << 2) | read[1]; // Convert to triple codes data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:211:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = (read[0] << 2) | read[1]; // Convert to triple codes data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:213:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { c = ((c << 2) & 0x3f) | read[j]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:230:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ c = read[j]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:242:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++wb]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:248:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:255:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:285:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[c]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:312:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[c]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:324:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { c = read[j]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:336:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++wb]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:342:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:349:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:379:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[c]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:406:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ d = read[c]; data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:450:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,0); data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:457:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf("%c",Caps[(int) read[c]]); data/dazzdb-1.0+git20200727.d22ae58/DBdust.c:459:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf("%c",Lowr[(int) read[c]]); data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:33:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path) + strlen(sep1) + strlen(root) + strlen(sep2) + strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:33:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path) + strlen(sep1) + strlen(root) + strlen(sep2) + strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:33:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path) + strlen(sep1) + strlen(root) + strlen(sep2) + strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:33:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path) + strlen(sep1) + strlen(root) + strlen(sep2) + strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:33:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(path) + strlen(sep1) + strlen(root) + strlen(sep2) + strlen(suffix); data/dazzdb-1.0+git20200727.d22ae58/DBmv.c:82:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0) data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:39:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:71:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = sscanf(nbuffer," %d %d %d",&(it->read),&(it->beg),&(it->end)); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:170:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:419:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, *arrow, **entry; data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:466:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = iter->read; data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:515:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header[strlen(header)-1] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:539:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:559:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (iscase(read[m])) data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:560:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:560:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:626:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[k] != last) data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:627:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { PRINTF("%c",read[k]); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:628:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). last = read[k]; data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:633:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[k] != last) data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:634:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { PRINTF("%c",read[k]); data/dazzdb-1.0+git20200727.d22ae58/DBshow.c:635:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). last = read[k]; data/dazzdb-1.0+git20200727.d22ae58/QV.c:386:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen) data/dazzdb-1.0+git20200727.d22ae58/QV.c:428:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ x = read[k]; data/dazzdb-1.0+git20200727.d22ae58/QV.c:448:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar) data/dazzdb-1.0+git20200727.d22ae58/QV.c:477:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (k < rlen && read[k] == rchar) data/dazzdb-1.0+git20200727.d22ae58/QV.c:489:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/dazzdb-1.0+git20200727.d22ae58/QV.c:510:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode(HScheme *scheme, FILE *in, char *read, int rlen) data/dazzdb-1.0+git20200727.d22ae58/QV.c:583:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dazzdb-1.0+git20200727.d22ae58/QV.c:595:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dazzdb-1.0+git20200727.d22ae58/QV.c:604:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read, data/dazzdb-1.0+git20200727.d22ae58/QV.c:650:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/dazzdb-1.0+git20200727.d22ae58/QV.c:661:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dazzdb-1.0+git20200727.d22ae58/QV.c:675:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[j++] = (char) rchar; data/dazzdb-1.0+git20200727.d22ae58/QV.c:686:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dazzdb-1.0+git20200727.d22ae58/QV.c:770:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(Read); data/dazzdb-1.0+git20200727.d22ae58/QV.c:782:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen += strlen(Read+rlen); data/dazzdb-1.0+git20200727.d22ae58/QV.c:792:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rlen != (int) strlen(other)) data/dazzdb-1.0+git20200727.d22ae58/QV.c:1195:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(coding->prefix); data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:208:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:327:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(input)) == EOF) data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:373:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). eof = (fgets(read,MAX_NAME,input) == NULL); data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:374:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read[strlen(read)-1] != '\n') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:374:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (read[strlen(read)-1] != '\n') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:374:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:379:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!eof && read[0] != '>') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:433:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(read+rlen)-1; data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:434:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[rlen+x] != '\n') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:435:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (read[rlen] == '>') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:444:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (eof || read[rlen] == '>') data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:449:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = (char *) realloc(read,rmax+1); data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:457:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[rlen] = '\0'; data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:467:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Number_Arrow(read); data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:468:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Compress_Read(rlen,read); data/dazzdb-1.0+git20200727.d22ae58/arrow2DB.c:470:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fwrite(read,1,clen,arrow); data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:323:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:380:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(core) >= MAX_NAME) data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:408:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). eof = (fgets(read,MAX_NAME,input) == NULL); data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:409:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (eof || strlen(read) < 1) data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:409:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (eof || strlen(read) < 1) data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:435:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  if (read[strlen(read)-1] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:435:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (read[strlen(read)-1] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:435:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[strlen(read)-1] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:440:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!eof && read[0] != '>')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:452:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[rlen] = '>';

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:453:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hlen = strlen(read+rlen);

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:460:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x = strlen(read+rlen)-1;

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:461:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[rlen+x] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:466:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (eof || read[rlen] == '>')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:471:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read = (char *) realloc(read,rmax+1);

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:479:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[rlen] = '\0';

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:487:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (number[(int) read[++i]] < 4)

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:499:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { x = number[(int) read[i]];

data/dazzdb-1.0+git20200727.d22ae58/fasta2DAM.c:502:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[i++] = (char) x;

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:329:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char *read;

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:392:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  eof = (fgets(read,MAX_NAME,input) == NULL);

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:393:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (eof || strlen(read) < 1)

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:393:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (eof || strlen(read) < 1)

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:406:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(core) >= MAX_NAME)

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:438:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[strlen(read)-1] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:438:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (read[strlen(read)-1] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:438:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[strlen(read)-1] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:443:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!eof && read[0] != '>')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:514:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x = strlen(read+rlen)-1;

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:515:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[rlen+x] != '\n')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:516:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { if (read[rlen] == '>')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:525:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (eof || read[rlen] == '>')

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:530:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read = (char *) realloc(read,rmax+1);

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:538:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[rlen] = '\0';

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:541:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { x = number[(int) read[i]];

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:543:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[i] = (char) x;

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:557:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Compress_Read(rlen,read);

data/dazzdb-1.0+git20200727.d22ae58/fasta2DB.c:559:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fwrite(read,1,clen,bases);

data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:339:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = fgetc(input)) == EOF)

data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:344:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { if (fgetc(input) != EOF)

data/dazzdb-1.0+git20200727.d22ae58/quiva2DB.c:455:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (fgetc(input) != EOF)

data/dazzdb-1.0+git20200727.d22ae58/simulator.c:568:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);

data/dazzdb-1.0+git20200727.d22ae58/simulator.c:569:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);

ANALYSIS SUMMARY:

Hits = 408
Lines analyzed = 13070 in approximately 0.39 seconds (33227 lines/second)
Physical Source Lines of Code (SLOC) = 9990
Hits@level = [0] 624 [1] 236 [2] 70 [3] 16 [4] 86 [5] 0
Hits@level+ = [0+] 1032 [1+] 408 [2+] 172 [3+] 102 [4+] 86 [5+] 0
Hits/KSLOC@level+ = [0+] 103.303 [1+] 40.8408 [2+] 17.2172 [3+] 10.2102 [4+] 8.60861 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.