Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/delly-0.8.3/src/align.h
Examining data/delly-0.8.3/src/assemble.h
Examining data/delly-0.8.3/src/bolog.h
Examining data/delly-0.8.3/src/cluster.h
Examining data/delly-0.8.3/src/coverage.h
Examining data/delly-0.8.3/src/delly.cpp
Examining data/delly-0.8.3/src/delly.h
Examining data/delly-0.8.3/src/dpe.cpp
Examining data/delly-0.8.3/src/filter.h
Examining data/delly-0.8.3/src/genotype.h
Examining data/delly-0.8.3/src/gotoh.h
Examining data/delly-0.8.3/src/junction.h
Examining data/delly-0.8.3/src/merge.h
Examining data/delly-0.8.3/src/modvcf.h
Examining data/delly-0.8.3/src/msa.h
Examining data/delly-0.8.3/src/needle.h
Examining data/delly-0.8.3/src/shortpe.h
Examining data/delly-0.8.3/src/split.h
Examining data/delly-0.8.3/src/tags.h
Examining data/delly-0.8.3/src/tegua.h
Examining data/delly-0.8.3/src/util.h
Examining data/delly-0.8.3/src/version.h

FINAL RESULTS:

data/delly-0.8.3/src/align.h:16:17:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  TScoreValue mismatch;
data/delly-0.8.3/src/align.h:29:104:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  DnaScore(TScoreValue m, TScoreValue mm, TScoreValue gapopen, TScoreValue gapextension) : match(m), mismatch(mm), go(gapopen), ge(gapextension) {
data/delly-0.8.3/src/align.h:100:48:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return (s1[row] == s2[col] ? sc.match : sc.mismatch );
data/delly-0.8.3/src/align.h:109:22:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  else return sc.mismatch;
data/delly-0.8.3/src/align.h:115:70:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  score += p1[k1][row] * p2[k2][col] * ( (k1 == k2) ? sc.match : sc.mismatch );
data/delly-0.8.3/src/coverage.h:462:146:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  int32_t scoreAltThreshold = (int32_t) (c.flankQuality * consProbe.size() * simple.match + (1.0 - c.flankQuality) * consProbe.size() * simple.mismatch);
data/delly-0.8.3/src/coverage.h:468:144:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  int32_t scoreRefThreshold = (int32_t) (c.flankQuality * refProbe.size() * simple.match + (1.0 - c.flankQuality) * refProbe.size() * simple.mismatch);
data/delly-0.8.3/src/genotype.h:371:58:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  DnaScore<int> simple(c.aliscore.match, c.aliscore.mismatch, c.aliscore.mismatch, c.aliscore.mismatch);
data/delly-0.8.3/src/genotype.h:371:79:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  DnaScore<int> simple(c.aliscore.match, c.aliscore.mismatch, c.aliscore.mismatch, c.aliscore.mismatch);
data/delly-0.8.3/src/genotype.h:371:100:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  DnaScore<int> simple(c.aliscore.match, c.aliscore.mismatch, c.aliscore.mismatch, c.aliscore.mismatch);
data/delly-0.8.3/src/genotype.h:374:140:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  scoreAlt /= (double) (c.flankQuality * gbp[svid].alt.size() * simple.match + (1.0 - c.flankQuality) * gbp[svid].alt.size() * simple.mismatch);
data/delly-0.8.3/src/genotype.h:379:140:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  scoreRef /= (double) (c.flankQuality * gbp[svid].ref.size() * simple.match + (1.0 - c.flankQuality) * gbp[svid].ref.size() * simple.mismatch);
data/delly-0.8.3/src/needle.h:66:96:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  mat[row][col] = std::max(std::max(mat[row-1][col-1] + (s1[row-1] == s2[col-1] ? sc.match : sc.mismatch), mat[row-1][col] + _verticalGap(ac, col, n, sc.ge)), mat[row][col-1] + _horizontalGap(ac, row, m, sc.ge));
data/delly-0.8.3/src/needle.h:81:102:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  rev[row][col] = std::max(std::max(rev[row-1][col-1] + (sRev1[row-1] == sRev2[col-1] ? sc.match : sc.mismatch), rev[row-1][col] + _verticalGap(ac, col, n, sc.ge)), rev[row][col-1] + _horizontalGap(ac, row, m, sc.ge));
data/delly-0.8.3/src/tegua.h:74:39:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  c.aliscore = DnaScore<int>(match, mismatch, go, ge);

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 9228 in approximately 0.32 seconds (28596 lines/second)
Physical Source Lines of Code (SLOC) = 7456
Hits@level = [0]   0 [1]  15 [2]   0 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  15 [1+]  15 [2+]   0 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.0118 [1+] 2.0118 [2+]   0 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.