Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/epcr-2.3.12-1/defaults.h
Examining data/epcr-2.3.12-1/fahash_defines.h
Examining data/epcr-2.3.12-1/fahash_internal.hpp
Examining data/epcr-2.3.12-1/build_cfg.h
Examining data/epcr-2.3.12-1/getopt.c
Examining data/epcr-2.3.12-1/bin-io.hpp
Examining data/epcr-2.3.12-1/fahash.hpp
Examining data/epcr-2.3.12-1/fahash_main.cpp
Examining data/epcr-2.3.12-1/fahash_create.cpp
Examining data/epcr-2.3.12-1/fahash_create1.cpp
Examining data/epcr-2.3.12-1/fahash_create2.cpp
Examining data/epcr-2.3.12-1/fahash_lookup.cpp
Examining data/epcr-2.3.12-1/faread.hpp
Examining data/epcr-2.3.12-1/fast_seqio.hpp
Examining data/epcr-2.3.12-1/fast_seqio_read.cpp
Examining data/epcr-2.3.12-1/fast_seqio_write.cpp
Examining data/epcr-2.3.12-1/hashset.cpp
Examining data/epcr-2.3.12-1/hashset.hpp
Examining data/epcr-2.3.12-1/mmap.cpp
Examining data/epcr-2.3.12-1/mmap.hpp
Examining data/epcr-2.3.12-1/re-PCR_main.cpp
Examining data/epcr-2.3.12-1/align.cpp
Examining data/epcr-2.3.12-1/align.hpp
Examining data/epcr-2.3.12-1/minilcs.cpp
Examining data/epcr-2.3.12-1/minilcs.hpp
Examining data/epcr-2.3.12-1/seqcmp_main.cpp
Examining data/epcr-2.3.12-1/strref.hpp
Examining data/epcr-2.3.12-1/sts.hpp
Examining data/epcr-2.3.12-1/sts_i.hpp
Examining data/epcr-2.3.12-1/stsfilter.cpp
Examining data/epcr-2.3.12-1/stsmatch.cpp
Examining data/epcr-2.3.12-1/stsmatch.hpp
Examining data/epcr-2.3.12-1/stsmatch_i.cpp
Examining data/epcr-2.3.12-1/stsmatch_i.hpp
Examining data/epcr-2.3.12-1/stsmatch_m.hpp
Examining data/epcr-2.3.12-1/mswin.h
Examining data/epcr-2.3.12-1/native64.h
Examining data/epcr-2.3.12-1/faread.cpp
Examining data/epcr-2.3.12-1/stsmatch_m.cpp
Examining data/epcr-2.3.12-1/e-PCR_main.cpp
Examining data/epcr-2.3.12-1/famap_main.cpp
FINAL RESULTS:
data/epcr-2.3.12-1/fahash_lookup.cpp:52:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG fprintf(stderr,__FILE__":%d\n",__LINE__)
data/epcr-2.3.12-1/fahash_lookup.cpp:53:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HEX(a) fprintf(stderr,__FILE__":%d\t"#a"\t= 0x%08x\n",__LINE__,a)
data/epcr-2.3.12-1/fahash_lookup.cpp:54:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define INT(a) fprintf(stderr,__FILE__":%d\t"#a"\t= %d\n",__LINE__,a)
data/epcr-2.3.12-1/fahash_lookup.cpp:55:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define STR(a) fprintf(stderr,__FILE__":%d\t"#a"\t= %s\n",__LINE__,a.c_str())
data/epcr-2.3.12-1/fahash_main.cpp:158:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL " - Adding Sequence %s\n",id);
data/epcr-2.3.12-1/fahash_main.cpp:167:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL " %50s\r %3d%% %.*s",
data/epcr-2.3.12-1/fahash_main.cpp:176:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL "* Adding File %s\n",name);
data/epcr-2.3.12-1/fahash_main.cpp:185:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL " %50s\r %3d%% %.*s",
data/epcr-2.3.12-1/fahash_main.cpp:194:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL "= Dumping \n");
data/epcr-2.3.12-1/fahash_main.cpp:198:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL "= Dumping OK\n");
data/epcr-2.3.12-1/fahash_main.cpp:202:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL "= Resetting...");
data/epcr-2.3.12-1/faread.cpp:52:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f=pipe?popen(name,"r"):fopen64(name,"r");
data/epcr-2.3.12-1/mswin.h:47:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/epcr-2.3.12-1/mswin.h:47:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/epcr-2.3.12-1/re-PCR_main.cpp:191:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL "");
data/epcr-2.3.12-1/re-PCR_main.cpp:202:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,CLREOL "- Progress: %3d%% %.*sO%.*s\r",
data/epcr-2.3.12-1/stsfilter.cpp:38:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG fprintf(stdout,__FILE__"[%d]\n",__LINE__);
data/epcr-2.3.12-1/stsfilter.cpp:39:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define SHOWI(a) fprintf(stdout,__FILE__"[%d] "#a"=%d\n",__LINE__,a);
data/epcr-2.3.12-1/stsfilter.cpp:41:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout,__FILE__"[%d] "#a"=%.*s\n",__LINE__,a.length(),a.data());
data/epcr-2.3.12-1/stsmatch_i.cpp:38:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG fprintf(stderr,__FILE__":%d\n",__LINE__)
data/epcr-2.3.12-1/stsmatch_i.cpp:39:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define INT(i) fprintf(stderr,__FILE__":%d - %s = %d\n",__LINE__,#i,i)
data/epcr-2.3.12-1/stsmatch_i.cpp:40:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define STR(s,i) fprintf(stderr,__FILE__":%d - %s = %.*s\n",__LINE__,#s,i,s)
data/epcr-2.3.12-1/e-PCR_main.cpp:194:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optchar=getopt(argc,argv,"+hVf:m:n:w:g:o:t:p:v:d:a:x:u:b:l:"))!=-1) {
data/epcr-2.3.12-1/fahash_main.cpp:105:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optchar=getopt(argc,argv,"hVw:F:f:b:kT:v:o:c:"))!=-1) {
data/epcr-2.3.12-1/famap_main.cpp:91:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optchar=getopt(argc,argv,"hVb:d:l:t:"))!=-1) {
data/epcr-2.3.12-1/getopt.c:39:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char ** argv, const char* optstring)
data/epcr-2.3.12-1/hashset.cpp:228:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optchar=getopt(argc,argv,"hVp:w:"))!=-1) {
data/epcr-2.3.12-1/minilcs.cpp:53:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optopt=getopt(argc,argv,"hVg:r"))!=-1) {
data/epcr-2.3.12-1/mswin.h:86:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char ** argv, const char* optstring);
data/epcr-2.3.12-1/re-PCR_main.cpp:127:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optchar=getopt(argc,argv,"hVp:P:s:S:d:m:r:g:n:O:C:o:lGq"))!=-1) {
data/epcr-2.3.12-1/seqcmp_main.cpp:116:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optchar=getopt(argc,argv,"hVn:g:s:r:a:"))!=-1) {
data/epcr-2.3.12-1/e-PCR_main.cpp:184:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hi=atoi(x+1);
data/epcr-2.3.12-1/e-PCR_main.cpp:208:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else pcrMachine.SetMargin(atoi(optarg));
data/epcr-2.3.12-1/e-PCR_main.cpp:210:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'w': stsFileHash.SetHash(CHashSet(atoi(optarg), stsFileHash.GetWordCount())); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:211:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': m_MaxMismatch=atoi(optarg); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:212:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'g': m_MaxGaps=atoi(optarg); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:213:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'f': stsFileHash.SetHash(CHashSet(stsFileHash.GetWordSize(), atoi(optarg))); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:216:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 't': ofmt=atoi(optarg); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:261:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'M': pcrMachine.SetMargin(atoi(argv[optind]+2)); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:262:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'W': stsFileHash.SetHash(CHashSet(atoi(argv[optind]+2),
data/epcr-2.3.12-1/e-PCR_main.cpp:265:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'N': m_MaxMismatch=atoi(argv[optind]+2); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:266:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'G': m_MaxGaps=atoi(argv[optind]+2); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:268:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[optind]+2))); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:270:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'T': ofmt=atoi(argv[optind]+2); break;
data/epcr-2.3.12-1/e-PCR_main.cpp:371:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/epcr-2.3.12-1/e-PCR_main.cpp:444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char position[32];
data/epcr-2.3.12-1/e-PCR_main.cpp:453:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(position,"%d", 1 + (pos1+pos2-1)/2);
data/epcr-2.3.12-1/e-PCR_main.cpp:455:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(position,"%d..%d",pos1+1,pos2);
data/epcr-2.3.12-1/e-PCR_main.cpp:598:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_Sequence+m_Size,seq,length);
data/epcr-2.3.12-1/fahash_lookup.cpp:156:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_Fd = open( path.c_str(), O_RDONLY | O_LARGEFILE );
data/epcr-2.3.12-1/fahash_lookup.cpp:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/epcr-2.3.12-1/fahash_main.cpp:109:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'w': wdsize=atoi(optarg); break;
data/epcr-2.3.12-1/fahash_main.cpp:110:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'f': period=atoi(optarg); break;
data/epcr-2.3.12-1/fahash_main.cpp:111:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'c': cachesize=atoi(optarg); break;
data/epcr-2.3.12-1/fahash_main.cpp:127:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int v=atoi(optarg);
data/epcr-2.3.12-1/fahash_main.cpp:289:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wtype[128];
data/epcr-2.3.12-1/famap_main.cpp:172:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int x=atoi(argv[a]);
data/epcr-2.3.12-1/famap_main.cpp:207:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int x=atoi(argv[a]);
data/epcr-2.3.12-1/faread.cpp:50:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(name,"r");
data/epcr-2.3.12-1/faread.cpp:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16192];
data/epcr-2.3.12-1/fast_seqio_read.cpp:60:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd=open(path.c_str(),O_RDONLY|O_LARGEFILE);
data/epcr-2.3.12-1/fast_seqio_read.cpp:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/epcr-2.3.12-1/fast_seqio_read.cpp:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/epcr-2.3.12-1/hashset.cpp:234:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': period=atoi(optarg); break;
data/epcr-2.3.12-1/hashset.cpp:235:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'w': wdsize=atoi(optarg); break;
data/epcr-2.3.12-1/minilcs.cpp:64:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxgaps=atoi(optarg);
data/epcr-2.3.12-1/mswin.h:46:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/epcr-2.3.12-1/native64.h:39:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/epcr-2.3.12-1/re-PCR_main.cpp:361:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/epcr-2.3.12-1/re-PCR_main.cpp:374:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(FILE * in = fopen(argv[i], "r")) {
data/epcr-2.3.12-1/re-PCR_main.cpp:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/epcr-2.3.12-1/re-PCR_main.cpp:423:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/epcr-2.3.12-1/re-PCR_main.cpp:428:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int hi=(x&&(*x=='-'))?max(atoi(x+1),lo):lo;
data/epcr-2.3.12-1/re-PCR_main.cpp:445:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * f=fopen(argv[i],"r");
data/epcr-2.3.12-1/re-PCR_main.cpp:447:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/epcr-2.3.12-1/seqcmp_main.cpp:120:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': mism=atoi(optarg); break;
data/epcr-2.3.12-1/seqcmp_main.cpp:121:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'g': gaps=atoi(optarg); break;
data/epcr-2.3.12-1/stsmatch_m.cpp:116:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd=open(fname.c_str(),O_RDONLY);
data/epcr-2.3.12-1/stsmatch_m.hpp:85:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * m_Primer[2];
data/epcr-2.3.12-1/stsmatch_m.hpp:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_Length[2];
data/epcr-2.3.12-1/stsmatch_m.hpp:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_OvhgChars[2];
data/epcr-2.3.12-1/align.cpp:69:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(len == ~0U) len=strlen(seq);
data/epcr-2.3.12-1/align.cpp:78:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(len == ~0U) len=strlen(seq);
data/epcr-2.3.12-1/bin-io.hpp:96:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( (size_t)read( fd, &t, sizeof( T ) ) != sizeof( T ) && errno )
data/epcr-2.3.12-1/bin-io.hpp:105:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( t.size() && (size_t)read( fd, &t[0], t.size() ) != t.size() && errno )
data/epcr-2.3.12-1/fahash_lookup.cpp:161:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read( m_Fd, buff, 16 ); // signature
data/epcr-2.3.12-1/faread.cpp:109:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * eol=strlen(buffer)+buffer;
data/epcr-2.3.12-1/fast_seqio_read.cpp:88:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(m_Fd,buff,8) != 8) throw runtime_error(strerror(errno));
data/epcr-2.3.12-1/fast_seqio_read.cpp:121:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(m_Fd,buff,8)!=8) throw runtime_error("read failed");
data/epcr-2.3.12-1/hashset.cpp:258:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(ptr)<wdsize) continue;
data/epcr-2.3.12-1/minilcs.hpp:222:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch: m_Mismatches++; x--; break;
data/epcr-2.3.12-1/minilcs.hpp:224:42: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(m_Path[y-1][x]=='i') goto mismatch;
data/epcr-2.3.12-1/minilcs.hpp:228:44: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(m_Path[y+1][x-1]=='d') goto mismatch;
data/epcr-2.3.12-1/minilcs.hpp:265:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch:
data/epcr-2.3.12-1/minilcs.hpp:272:42: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(m_Path[y-1][x]=='i') goto mismatch;
data/epcr-2.3.12-1/minilcs.hpp:279:44: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(m_Path[y+1][x-1]=='d') goto mismatch;
data/epcr-2.3.12-1/re-PCR_main.cpp:431:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* rev2(FlipSequence(argv[i+1],strlen(argv[i+1])));
data/epcr-2.3.12-1/re-PCR_main.cpp:436:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* rev1(FlipSequence(argv[i+0],strlen(argv[i+0])));
data/epcr-2.3.12-1/seqcmp_main.cpp:154:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * end=seq+strlen(seq);
data/epcr-2.3.12-1/seqcmp_main.cpp:157:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(primer);
data/epcr-2.3.12-1/strref.hpp:48:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CStrRef(const char * s):m_Data(s),m_Length(strlen(s)) {}
data/epcr-2.3.12-1/stsmatch_i.cpp:117:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(seq_len==0) seq_len=strlen(seq_data);
data/epcr-2.3.12-1/stsmatch_m.cpp:107:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return CStrRef(c,cc?cc-c:strlen(c));
data/epcr-2.3.12-1/stsmatch_m.cpp:126:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd,m_MemoryBase,m_MemorySize);
ANALYSIS SUMMARY:
Hits = 104
Lines analyzed = 9659 in approximately 2.64 seconds (3657 lines/second)
Physical Source Lines of Code (SLOC) = 5961
Hits@level = [0] 105 [1] 23 [2] 50 [3] 9 [4] 22 [5] 0
Hits@level+ = [0+] 209 [1+] 104 [2+] 81 [3+] 31 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 35.0612 [1+] 17.4467 [2+] 13.5883 [3+] 5.20047 [4+] 3.69066 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.