Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/elph-1.0.1/sources/elph.cc
Examining data/elph-1.0.1/sources/GString.h
Examining data/elph-1.0.1/sources/GBase.h
Examining data/elph-1.0.1/sources/GArgs.cpp
Examining data/elph-1.0.1/sources/motif.cc
Examining data/elph-1.0.1/sources/GFastaFile.h
Examining data/elph-1.0.1/sources/GArgs.h
Examining data/elph-1.0.1/sources/GBase.cpp
Examining data/elph-1.0.1/sources/motif.h
Examining data/elph-1.0.1/sources/GString.cpp

FINAL RESULTS:

data/elph-1.0.1/sources/GArgs.cpp:104:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                 strcpy(args[count].value, argv[p]);
data/elph-1.0.1/sources/GArgs.cpp:113:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(args[count].value, (argv[p]+2));
data/elph-1.0.1/sources/GArgs.cpp:142:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(args[count].value, e+1);
data/elph-1.0.1/sources/GBase.cpp:13:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(msg,"%s(%d): GASSERT(%s) failed.\n",filename,lineno,expression);
data/elph-1.0.1/sources/GBase.cpp:21:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(msg,format,arguments);
data/elph-1.0.1/sources/GBase.cpp:30:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,format,arguments);
data/elph-1.0.1/sources/GBase.cpp:40:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(msg,format,arguments);
data/elph-1.0.1/sources/GBase.cpp:87:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(copy,str);
data/elph-1.0.1/sources/GString.cpp:37:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(data->chars, str);
data/elph-1.0.1/sources/GString.cpp:342:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  int len=vsprintf(buf,fmt,arguments);
data/elph-1.0.1/sources/GString.cpp:359:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf,fmt,arguments);
data/elph-1.0.1/sources/GString.cpp:652:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dest, s); 
data/elph-1.0.1/sources/GString.cpp:699:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(dest, s);
data/elph-1.0.1/sources/GString.cpp:710:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(dest, s);
data/elph-1.0.1/sources/GString.cpp:748:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ::strcpy(&data->chars[index], &chars()[index+len]);
data/elph-1.0.1/sources/GString.cpp:777:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[index+s.length()], &chars()[index+len]);
data/elph-1.0.1/sources/GString.cpp:810:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[index+s_length], &chars()[index+len]);
data/elph-1.0.1/sources/GString.cpp:834:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[index+s.length()], &chars()[index]);
data/elph-1.0.1/sources/GString.cpp:859:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[index+s_length], &chars()[index]);
data/elph-1.0.1/sources/GString.cpp:879:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  ::strcpy(&my_data->chars[my_data->length], s);
data/elph-1.0.1/sources/GString.cpp:1024:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 strcpy(fTokenDelimiter, delimiter);
data/elph-1.0.1/sources/motif.cc:383:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fkseq[i],fseq1.seq);
data/elph-1.0.1/sources/motif.cc:384:27:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    if(testlen>fseq1.len) strcat(fkseq[i],fseq2.seq);
data/elph-1.0.1/sources/motif.cc:418:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fkseq[i],fseq.seq);
data/elph-1.0.1/sources/motif.cc:496:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(consensus,pattern);
data/elph-1.0.1/sources/motif.cc:1078:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(consensus,pattern);
data/elph-1.0.1/sources/motif.cc:1086:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(fkseq[i],fkseq[-1+B->noseq]);
data/elph-1.0.1/sources/motif.cc:1803:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(align,motif);
data/elph-1.0.1/sources/motif.cc:1840:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(align,motif);
data/elph-1.0.1/sources/motif.cc:1885:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(align,motif); 
data/elph-1.0.1/sources/motif.cc:2079:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(copy,pattern);
data/elph-1.0.1/sources/motif.cc:2132:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(copy,pattern);
data/elph-1.0.1/sources/motif.cc:2815:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(t,snew);
data/elph-1.0.1/sources/motif.cc:2829:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(t,snew);
data/elph-1.0.1/sources/elph.cc:195:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(seed);
data/elph-1.0.1/sources/GArgs.cpp:134:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char part[30];
data/elph-1.0.1/sources/GBase.cpp:9:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char msg[4069];
data/elph-1.0.1/sources/GBase.cpp:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 memcpy(subs, str, newlen-1);
data/elph-1.0.1/sources/GFastaFile.h:88:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
           if ((fh = fopen(filename, mode)) == NULL)
data/elph-1.0.1/sources/GString.cpp:77:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(data->chars, chars(), length());
data/elph-1.0.1/sources/GString.cpp:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/elph-1.0.1/sources/GString.cpp:131:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%d",i);
data/elph-1.0.1/sources/GString.cpp:134:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(chrs(), buf, length);
data/elph-1.0.1/sources/GString.cpp:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/elph-1.0.1/sources/GString.cpp:142:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%f",f);
data/elph-1.0.1/sources/GString.cpp:145:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(chrs(), buf, length);
data/elph-1.0.1/sources/GString.cpp:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  ::memcpy(chrs(), s, length); 
data/elph-1.0.1/sources/GString.cpp:196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/elph-1.0.1/sources/GString.cpp:197:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%f",f);
data/elph-1.0.1/sources/GString.cpp:200:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(chrs(), buf, length);
data/elph-1.0.1/sources/GString.cpp:206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/elph-1.0.1/sources/GString.cpp:207:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%d",i);
data/elph-1.0.1/sources/GString.cpp:210:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(chrs(), buf, length);
data/elph-1.0.1/sources/GString.cpp:285:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[4];
data/elph-1.0.1/sources/GString.cpp:286:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%c",c);
data/elph-1.0.1/sources/GString.cpp:291:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/elph-1.0.1/sources/GString.cpp:292:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%d",i);
data/elph-1.0.1/sources/GString.cpp:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[30];
data/elph-1.0.1/sources/GString.cpp:299:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%f",f);
data/elph-1.0.1/sources/GString.cpp:346:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  ::memcpy(chrs(), buf, len);
data/elph-1.0.1/sources/GString.cpp:381:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &chars()[istart], newlen);
data/elph-1.0.1/sources/GString.cpp:400:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &chars()[istart], newlen);
data/elph-1.0.1/sources/GString.cpp:420:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, chars(), newlen);
data/elph-1.0.1/sources/GString.cpp:437:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, chars(), newlen);
data/elph-1.0.1/sources/GString.cpp:454:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &chars()[istart], newlen);
data/elph-1.0.1/sources/GString.cpp:472:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &chars()[istart], newlen);
data/elph-1.0.1/sources/GString.cpp:483:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(&data->chars[len-length()], chars(), length());
data/elph-1.0.1/sources/GString.cpp:492:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, chars(), length());
data/elph-1.0.1/sources/GString.cpp:505:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(&data->chars[istart], chars(), length());
data/elph-1.0.1/sources/GString.cpp:521:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(newstring.chrs(), s1, s1_length);
data/elph-1.0.1/sources/GString.cpp:522:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&(newstring.chrs())[s1_length], s2.chars(), s2.length());
data/elph-1.0.1/sources/GString.cpp:537:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(newstring.chrs(), chars(), length());
data/elph-1.0.1/sources/GString.cpp:538:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&(newstring.chrs())[length()], s.chars(), s.length());
data/elph-1.0.1/sources/GString.cpp:554:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(newstring.chrs(), chars(), length());
data/elph-1.0.1/sources/GString.cpp:555:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&(newstring.chrs())[length()], s, s_length);
data/elph-1.0.1/sources/GString.cpp:561:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/elph-1.0.1/sources/GString.cpp:562:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", i);
data/elph-1.0.1/sources/GString.cpp:566:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), chars(), length());
data/elph-1.0.1/sources/GString.cpp:567:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(&(newstring.chrs())[length()], buf, s_length);
data/elph-1.0.1/sources/GString.cpp:572:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/elph-1.0.1/sources/GString.cpp:573:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%c", c);
data/elph-1.0.1/sources/GString.cpp:577:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), chars(), length());
data/elph-1.0.1/sources/GString.cpp:578:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(&(newstring.chrs())[length()], buf, s_length);
data/elph-1.0.1/sources/GString.cpp:583:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[30];
data/elph-1.0.1/sources/GString.cpp:584:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%f", f);
data/elph-1.0.1/sources/GString.cpp:588:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), chars(), length());
data/elph-1.0.1/sources/GString.cpp:589:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(&(newstring.chrs())[length()], buf, s_length);
data/elph-1.0.1/sources/GString.cpp:624:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), &chars()[index], len);
data/elph-1.0.1/sources/GString.cpp:647:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest,s,p-s);
data/elph-1.0.1/sources/GString.cpp:694:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dest,s,p-s);
data/elph-1.0.1/sources/GString.cpp:703:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(dest,s,p-s); //copy up to the match
data/elph-1.0.1/sources/GString.cpp:705:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(dest,to,tl); //put the replacement string
data/elph-1.0.1/sources/GString.cpp:718:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p,to,l);
data/elph-1.0.1/sources/GString.cpp:747:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(data->chars, chars(), index);
data/elph-1.0.1/sources/GString.cpp:770:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&chrs()[index], s.chars(), len);
data/elph-1.0.1/sources/GString.cpp:774:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, chars(), index);
data/elph-1.0.1/sources/GString.cpp:776:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(&data->chars[index], s.chars(), s.length());
data/elph-1.0.1/sources/GString.cpp:803:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&chrs()[index], s, len);
data/elph-1.0.1/sources/GString.cpp:807:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, chars(), index);
data/elph-1.0.1/sources/GString.cpp:809:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(&data->chars[index], s, s_length);
data/elph-1.0.1/sources/GString.cpp:832:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, chars(), index);
data/elph-1.0.1/sources/GString.cpp:833:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&data->chars[index], s.chars(), s.length());
data/elph-1.0.1/sources/GString.cpp:857:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, chars(), index);
data/elph-1.0.1/sources/GString.cpp:858:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&data->chars[index], s, s_length);
data/elph-1.0.1/sources/GString.cpp:874:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(my_data->chars, s, len);
data/elph-1.0.1/sources/GString.cpp:1053:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     ::memcpy(token.chrs(), &chars()[fLastTokenStart], tlen);
data/elph-1.0.1/sources/GString.cpp:1088:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   ::memcpy(token.chrs(), &chars()[fLastTokenStart], tlen);
data/elph-1.0.1/sources/GString.cpp:1135:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(data->chars, readbuf, numread);
data/elph-1.0.1/sources/GString.cpp:1140:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&data->chars[acc_len], readbuf, numread);
data/elph-1.0.1/sources/GString.cpp:1164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[24];
data/elph-1.0.1/sources/GString.cpp:1188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[24];
data/elph-1.0.1/sources/GString.h:157:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char chars[1];
data/elph-1.0.1/sources/elph.cc:163:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    outf=fopen(outfile, "w");
data/elph-1.0.1/sources/motif.cc:489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char consensus[len+1];
data/elph-1.0.1/sources/motif.cc:896:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    M = fopen(matrixfile,"r");
data/elph-1.0.1/sources/motif.cc:902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[5000];
data/elph-1.0.1/sources/motif.cc:932:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      int tok=atoi(myargv[j]);
data/elph-1.0.1/sources/motif.cc:1071:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char consensus[len+1];
data/elph-1.0.1/sources/motif.cc:1272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char consensus[len+1];
data/elph-1.0.1/sources/motif.cc:1771:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char align[len+14];
data/elph-1.0.1/sources/motif.cc:1772:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char motif[len+1];
data/elph-1.0.1/sources/GArgs.cpp:31:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fmtlen=strlen(format);
data/elph-1.0.1/sources/GArgs.cpp:62:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
         strncpy(fmt[fmtcount].opt, fstr, l);
data/elph-1.0.1/sources/GArgs.cpp:103:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 GMALLOC(args[count].value, strlen(argv[p])+1);
data/elph-1.0.1/sources/GArgs.cpp:112:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                GMALLOC(args[count].value, strlen(argv[p])-2);
data/elph-1.0.1/sources/GArgs.cpp:135:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
     strncpy(part, argv[p], e-argv[p]);
data/elph-1.0.1/sources/GArgs.cpp:140:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(argv[p])-strlen(part)>0) {
data/elph-1.0.1/sources/GArgs.cpp:140:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(argv[p])-strlen(part)>0) {
data/elph-1.0.1/sources/GArgs.cpp:141:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            GMALLOC(args[count].value, strlen(argv[p])-strlen(part));            
data/elph-1.0.1/sources/GArgs.cpp:141:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            GMALLOC(args[count].value, strlen(argv[p])-strlen(part));            
data/elph-1.0.1/sources/GBase.cpp:86:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(copy, strlen(str)+1);
data/elph-1.0.1/sources/GBase.cpp:93:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int len=strlen(str);
data/elph-1.0.1/sources/GBase.cpp:125:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 p=str+strlen(str)-1;
data/elph-1.0.1/sources/GBase.cpp:139:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int c=getc(stream);
data/elph-1.0.1/sources/GBase.cpp:143:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if ((c=getc(stream))!='\n')
data/elph-1.0.1/sources/GBase.cpp:170:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int l=strlen(s);
data/elph-1.0.1/sources/GBase.cpp:181:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 char* p=str+strlen(str)-strlen(substr); 
data/elph-1.0.1/sources/GBase.cpp:181:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 char* p=str+strlen(str)-strlen(substr); 
data/elph-1.0.1/sources/GBase.cpp:183:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 l=strlen(substr);  
data/elph-1.0.1/sources/GBase.cpp:198:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 l=strlen(substr);
data/elph-1.0.1/sources/GFastaFile.h:157:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      c = getc(fh); read_pos++;
data/elph-1.0.1/sources/GFastaFile.h:170:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while ((c = getc(fh)) != EOF && c != '\n') read_pos++; /* skip defline */
data/elph-1.0.1/sources/GFastaFile.h:175:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while ((c = getc(fh)) != EOF && c != '>') {
data/elph-1.0.1/sources/GFastaFile.h:184:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while ((c = getc(fh)) != EOF && c != '\n') {
data/elph-1.0.1/sources/GFastaFile.h:212:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
             while ((c = getc(fh)) != EOF && c != '>') {
data/elph-1.0.1/sources/GFastaFile.h:231:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
             while ((c = getc(fh)) != EOF && c != '>') {
data/elph-1.0.1/sources/GFastaFile.h:273:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      fwrite(s, 1, strlen(s), fh);
data/elph-1.0.1/sources/GFastaFile.h:274:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      i=(descr==NULL)? 0 : strlen(descr);
data/elph-1.0.1/sources/GFastaFile.h:281:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          int len=strlen(seq);
data/elph-1.0.1/sources/GString.cpp:33:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int length=strlen(str);
data/elph-1.0.1/sources/GString.cpp:132:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:143:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:189:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = ::strlen(s); replace_data(length);
data/elph-1.0.1/sources/GString.cpp:198:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:208:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:338:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(buf, strlen(fmt)+1024);
data/elph-1.0.1/sources/GString.cpp:355:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(buf, strlen(fmt)+1024);
data/elph-1.0.1/sources/GString.cpp:514:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s1_length = ::strlen(s1);
data/elph-1.0.1/sources/GString.cpp:547:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(s);
data/elph-1.0.1/sources/GString.cpp:563:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:574:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:585:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:633:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (length() == 0 || from==NULL || strlen(from)==0)
data/elph-1.0.1/sources/GString.cpp:635:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 unsigned int l=strlen(from);       
data/elph-1.0.1/sources/GString.cpp:636:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (to!=NULL && strlen(to)!=l)
data/elph-1.0.1/sources/GString.cpp:653:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dest+=strlen(s);
data/elph-1.0.1/sources/GString.cpp:665:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 data->length=strlen(data->chars);
data/elph-1.0.1/sources/GString.cpp:674:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (length() == 0 || from==NULL || strlen(from)==0)
data/elph-1.0.1/sources/GString.cpp:676:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 unsigned int l=strlen(from);
data/elph-1.0.1/sources/GString.cpp:677:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 unsigned int tl= (to==NULL)?0:strlen(to);
data/elph-1.0.1/sources/GString.cpp:800:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(s);
data/elph-1.0.1/sources/GString.cpp:852:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(s);
data/elph-1.0.1/sources/GString.cpp:869:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len=::strlen(s);
data/elph-1.0.1/sources/GString.cpp:913:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s)>(size_t)length()) return -1;
data/elph-1.0.1/sources/GString.cpp:974:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      result=substr(i+strlen(delim));
data/elph-1.0.1/sources/GString.cpp:1002:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      result=substr(i+strlen(delim));
data/elph-1.0.1/sources/GString.cpp:1023:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 GMALLOC(fTokenDelimiter,strlen(delimiter)+1);
data/elph-1.0.1/sources/GString.cpp:1038:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int dlen=strlen(fTokenDelimiter);
data/elph-1.0.1/sources/GString.cpp:1095:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
size_t GString::read(FILE* stream, char* delimiter, size_t bufsize) {
data/elph-1.0.1/sources/GString.cpp:1114:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int seplen=strlen(delimiter);
data/elph-1.0.1/sources/GString.cpp:1179:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(buf, &my_data->chars[i-j], j);
data/elph-1.0.1/sources/GString.cpp:1203:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(buf, &my_data->chars[i+1], j);
data/elph-1.0.1/sources/GString.h:136:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        size_t read(FILE* stream, char* delimiter="\n", size_t bufsize=4096);
data/elph-1.0.1/sources/motif.cc:499:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      MatchSeqPatt(fkseq[i],consensus,i,strlen(fkseq[i]));
data/elph-1.0.1/sources/motif.cc:889:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  motiflen=strlen(pattern);
data/elph-1.0.1/sources/motif.cc:892:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!len && strlen(matrixfile)) {
data/elph-1.0.1/sources/motif.cc:1085:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(!MatchSeqPattExact(fkseq[i],consensus,i,strlen(fkseq[i]),1)) {
data/elph-1.0.1/sources/motif.cc:1091:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else MatchSeqPatt(fkseq[i],consensus,i,strlen(fkseq[i]));
data/elph-1.0.1/sources/motif.cc:1131:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(pattern);
data/elph-1.0.1/sources/motif.cc:1333:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MatchSeqPatt(fkseq[i],pattern,i,strlen(fkseq[i]));
data/elph-1.0.1/sources/motif.cc:1782:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(spaces," ");
data/elph-1.0.1/sources/motif.cc:1790:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(motif,fseq.seq+Align[i],len);
data/elph-1.0.1/sources/motif.cc:1802:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1804:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1827:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(motif,fseq.seq+motifprob[i].pos,len);
data/elph-1.0.1/sources/motif.cc:1839:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	      strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1841:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	      strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1872:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(motif,fseq.seq+pos,len); 
data/elph-1.0.1/sources/motif.cc:1884:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1886:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(align," ");
data/elph-1.0.1/sources/motif.cc:2457:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int fkseqlen=strlen(fkseq[i]);
data/elph-1.0.1/sources/motif.cc:2519:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int motiffreqlen=strlen(fkseq[i]);
data/elph-1.0.1/sources/motif.cc:2593:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int fkseqlen=strlen(fkseq[i]);
data/elph-1.0.1/sources/motif.cc:2808:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((t=(char *)calloc(strlen(snew)+1,sizeof(char)))==NULL)

ANALYSIS SUMMARY:

Hits = 204
Lines analyzed = 5814 in approximately 0.94 seconds (6196 lines/second)
Physical Source Lines of Code (SLOC) = 4105
Hits@level = [0]  90 [1]  83 [2]  86 [3]   1 [4]  34 [5]   0
Hits@level+ = [0+] 294 [1+] 204 [2+] 121 [3+]  35 [4+]  34 [5+]   0
Hits/KSLOC@level+ = [0+] 71.62 [1+] 49.6955 [2+] 29.4762 [3+] 8.52619 [4+] 8.28258 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.