Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/examl-3.0.22/examl/bipartitionList.c
Examining data/examl-3.0.22/examl/byteFile.c
Examining data/examl-3.0.22/examl/byteFile.h
Examining data/examl-3.0.22/examl/communication.c
Examining data/examl-3.0.22/examl/globalVariables.h
Examining data/examl-3.0.22/examl/mic_native.h
Examining data/examl-3.0.22/examl/mic_native_dna.c
Examining data/examl-3.0.22/examl/models.c
Examining data/examl-3.0.22/examl/optimizeModel.c
Examining data/examl-3.0.22/examl/partitionAssignment.c
Examining data/examl-3.0.22/examl/partitionAssignment.h
Examining data/examl-3.0.22/examl/quartets.c
Examining data/examl-3.0.22/examl/restartHashTable.c
Examining data/examl-3.0.22/examl/searchAlgo.c
Examining data/examl-3.0.22/examl/topologies.c
Examining data/examl-3.0.22/examl/trash.c
Examining data/examl-3.0.22/examl/treeIO.c
Examining data/examl-3.0.22/examl/avxLikelihood.c
Examining data/examl-3.0.22/examl/evaluateGenericSpecial.c
Examining data/examl-3.0.22/examl/evaluatePartialGenericSpecial.c
Examining data/examl-3.0.22/examl/makenewzGenericSpecial.c
Examining data/examl-3.0.22/examl/mic_native_aa.c
Examining data/examl-3.0.22/examl/newviewGenericSpecial.c
Examining data/examl-3.0.22/examl/axml.c
Examining data/examl-3.0.22/examl/axml.h
Examining data/examl-3.0.22/parser/globalVariables.h
Examining data/examl-3.0.22/parser/parsePartitions.c
Examining data/examl-3.0.22/parser/axml.c
Examining data/examl-3.0.22/parser/axml.h
Examining data/examl-3.0.22/versionHeader/version.h

FINAL RESULTS:

data/examl-3.0.22/examl/axml.c:179:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/examl-3.0.22/examl/axml.c:183:7: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/examl-3.0.22/examl/axml.c:199:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/examl-3.0.22/examl/axml.c:203:7: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/examl-3.0.22/examl/axml.c:221:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/examl-3.0.22/examl/axml.c:1066:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(quartetGroupingFileName, optarg);
data/examl-3.0.22/examl/axml.c:1088:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(byteFileName, optarg);
data/examl-3.0.22/examl/axml.c:1100:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(binaryCheckpointInputName, optarg);
data/examl-3.0.22/examl/axml.c:1167:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(run_id,optarg);
data/examl-3.0.22/examl/axml.c:1172:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(resultDir, optarg);
data/examl-3.0.22/examl/axml.c:1176:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree_file, optarg);
data/examl-3.0.22/examl/axml.c:1180:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree_file, optarg);
data/examl-3.0.22/examl/axml.c:1185:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model,optarg);
data/examl-3.0.22/examl/axml.c:1279:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, separator);
data/examl-3.0.22/examl/axml.c:1281:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, resultDir);
data/examl-3.0.22/examl/axml.c:1284:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, separator);
data/examl-3.0.22/examl/axml.c:1285:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(workdir, dir);
data/examl-3.0.22/examl/axml.c:1296:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, separator);
data/examl-3.0.22/examl/axml.c:1298:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(workdir, dir);
data/examl-3.0.22/examl/axml.c:1322:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(resultFileName, workdir);
data/examl-3.0.22/examl/axml.c:1323:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(logFileName, workdir);
data/examl-3.0.22/examl/axml.c:1324:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infoFileName, workdir);
data/examl-3.0.22/examl/axml.c:1325:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(treeFileName, workdir);
data/examl-3.0.22/examl/axml.c:1326:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(binaryCheckpointName, workdir);
data/examl-3.0.22/examl/axml.c:1327:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelFileName, workdir);
data/examl-3.0.22/examl/axml.c:1328:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(quartetFileName, workdir);
data/examl-3.0.22/examl/axml.c:1338:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(resultFileName, run_id);
data/examl-3.0.22/examl/axml.c:1339:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(logFileName, run_id);
data/examl-3.0.22/examl/axml.c:1340:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(infoFileName, run_id);
data/examl-3.0.22/examl/axml.c:1341:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(binaryCheckpointName, run_id);
data/examl-3.0.22/examl/axml.c:1342:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(modelFileName, run_id);
data/examl-3.0.22/examl/axml.c:1343:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(treeFileName, run_id);
data/examl-3.0.22/examl/axml.c:1344:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(quartetFileName, run_id);
data/examl-3.0.22/examl/axml.c:1510:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temporaryFileName, resultFileName);
data/examl-3.0.22/examl/axml.c:1629:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/examl-3.0.22/examl/axml.c:1633:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/examl-3.0.22/examl/axml.c:1637:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/examl-3.0.22/examl/axml.c:1748:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fileName, modelFileName);
data/examl-3.0.22/examl/axml.c:1754:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fileName, buf);
data/examl-3.0.22/examl/byteFile.c:412:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->nameList[i], bf->taxaNames[i-1]);
data/examl-3.0.22/examl/optimizeModel.c:2556:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(gtrFileName, workdir);
data/examl-3.0.22/examl/optimizeModel.c:2558:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(gtrFileName, run_id);
data/examl-3.0.22/examl/optimizeModel.c:2560:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(gtrFileName, epsilonStr);
data/examl-3.0.22/examl/quartets.c:392:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(quartetFileName, workdir);
data/examl-3.0.22/examl/quartets.c:393:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(quartetFileName, basename(ckp.quartetFileName));
data/examl-3.0.22/examl/searchAlgo.c:1168:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(extendedName, binaryCheckpointName);
data/examl-3.0.22/examl/searchAlgo.c:1171:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(extendedName, buf);
data/examl-3.0.22/examl/searchAlgo.c:2590:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fileName, workdir);
data/examl-3.0.22/examl/searchAlgo.c:2593:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fileName, buf);
data/examl-3.0.22/examl/searchAlgo.c:2595:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fileName, run_id);
data/examl-3.0.22/examl/treeIO.c:134:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p->word, s);
data/examl-3.0.22/examl/treeIO.c:243:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(treestr, "%s", nameptr);
data/examl-3.0.22/examl/treeIO.c:307:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(treestr, "%s", "\0");
data/examl-3.0.22/examl/treeIO.c:359:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(extendedTreeFileName, fileName);
data/examl-3.0.22/examl/treeIO.c:362:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(extendedTreeFileName, buf);
data/examl-3.0.22/parser/axml.c:150:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/examl-3.0.22/parser/axml.c:154:3: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/examl-3.0.22/parser/axml.c:170:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/examl-3.0.22/parser/axml.c:174:7: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/examl-3.0.22/parser/axml.c:752:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->nameList[i], buffer);
data/examl-3.0.22/parser/axml.c:976:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p->word, s);
data/examl-3.0.22/parser/axml.c:1131:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->extendedPartitionData[i].partitionName, tr->initialPartitionData[i].partitionName);
data/examl-3.0.22/parser/axml.c:2120:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelFileName,optarg);
data/examl-3.0.22/parser/axml.c:2124:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(run_id,optarg);
data/examl-3.0.22/parser/axml.c:2129:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(seq_file, optarg);
data/examl-3.0.22/parser/axml.c:2133:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model,optarg);
data/examl-3.0.22/parser/axml.c:2180:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(infoFileName, run_id);
data/examl-3.0.22/parser/axml.c:2195:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(byteFileName, run_id);
data/examl-3.0.22/parser/axml.c:2259:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/examl-3.0.22/parser/axml.c:2263:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/examl-3.0.22/parser/axml.c:2267:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/examl-3.0.22/parser/parsePartitions.c:150:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(thisModel, protModels[i]);
data/examl-3.0.22/parser/parsePartitions.c:160:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(thisModel, protModels[i]);
data/examl-3.0.22/parser/parsePartitions.c:184:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(thisModel, protModels[i]);
data/examl-3.0.22/parser/parsePartitions.c:440:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&(p_names[i][0]), cc);
data/examl-3.0.22/parser/parsePartitions.c:851:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mfn, secondaryStructureFileName);
data/examl-3.0.22/parser/parsePartitions.c:853:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(mfn, excludeFileName);
data/examl-3.0.22/parser/parsePartitions.c:880:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mfn, modelFileName);
data/examl-3.0.22/parser/parsePartitions.c:882:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(mfn, excludeFileName);
data/examl-3.0.22/parser/parsePartitions.c:910:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(AAmodel, protModels[tr->partitionData[i].protModels]);
data/examl-3.0.22/parser/parsePartitions.c:974:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mfn, seq_file);
data/examl-3.0.22/parser/parsePartitions.c:976:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(mfn, excludeFileName);
data/examl-3.0.22/parser/parsePartitions.c:1268:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(partBuffer[i].partitionName, tr->extendedPartitionData[i].partitionName);
data/examl-3.0.22/parser/parsePartitions.c:1283:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->extendedPartitionData[i].partitionName, partBuffer[i].partitionName);
data/examl-3.0.22/examl/axml.c:1006:11: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long(argc, argv, "R:B:Y:I:e:c:f:i:m:t:g:w:n:s:p:r:vhMSDa", long_options, &option_index);
data/examl-3.0.22/examl/treeIO.c:1040:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(tr->randomSeed);
data/examl-3.0.22/examl/axml.c:387:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename,"rb");
data/examl-3.0.22/examl/axml.c:403:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(path, mode);
data/examl-3.0.22/examl/axml.c:906:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void analyzeRunId(char id[128])
data/examl-3.0.22/examl/axml.c:941:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/examl-3.0.22/examl/axml.c:1017:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/examl-3.0.22/examl/axml.c:1274:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/examl-3.0.22/examl/axml.c:1289:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/examl-3.0.22/examl/axml.c:1330:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(resultFileName, "ExaML_result.");
data/examl-3.0.22/examl/axml.c:1331:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(logFileName, "ExaML_log.");
data/examl-3.0.22/examl/axml.c:1332:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infoFileName, "ExaML_info.");
data/examl-3.0.22/examl/axml.c:1333:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(binaryCheckpointName, "ExaML_binaryCheckpoint.");
data/examl-3.0.22/examl/axml.c:1334:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(modelFileName, "ExaML_modelFile.");
data/examl-3.0.22/examl/axml.c:1335:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat(treeFileName, "ExaML_TreeFile.");
data/examl-3.0.22/examl/axml.c:1336:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(quartetFileName, "ExaML_quartets.");
data/examl-3.0.22/examl/axml.c:1380:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modelType[128];
data/examl-3.0.22/examl/axml.c:1384:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modelType, "GAMMA with Median");
data/examl-3.0.22/examl/axml.c:1386:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modelType, "GAMMA");
data/examl-3.0.22/examl/axml.c:1508:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temporaryFileName[1024] = "";
data/examl-3.0.22/examl/axml.c:1614:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void getDataTypeString(tree *tr, int model, char typeOfData[1024])
data/examl-3.0.22/examl/axml.c:1619:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(typeOfData,"AA");
data/examl-3.0.22/examl/axml.c:1622:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(typeOfData,"DNA");
data/examl-3.0.22/examl/axml.c:1625:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(typeOfData,"BINARY/MORPHOLOGICAL");
data/examl-3.0.22/examl/axml.c:1628:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(typeOfData,"SECONDARY 16 STATE MODEL USING ");
data/examl-3.0.22/examl/axml.c:1632:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(typeOfData,"SECONDARY 6 STATE MODEL USING ");
data/examl-3.0.22/examl/axml.c:1636:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 7 STATE MODEL USING "); data/examl-3.0.22/examl/axml.c:1640:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"Multi-State"); data/examl-3.0.22/examl/axml.c:1643:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"Codon"); data/examl-3.0.22/examl/axml.c:1743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/examl-3.0.22/examl/axml.c:1753:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", treeIteration); data/examl-3.0.22/examl/axml.c:1760:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char typeOfData[1024]; data/examl-3.0.22/examl/axml.c:1787:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *freqNames[20] = {"A", "R", "N ","D", "C", "Q", "E", "G", data/examl-3.0.22/examl/axml.c:1812:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[4] = {"A", "C", "G", "T"}; data/examl-3.0.22/examl/axml.c:1821:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[2] = {"0", "1"}; data/examl-3.0.22/examl/axml.c:2290:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tr->treeStrings[(size_t)tr->treeStringLength * (size_t)i]), tr->tree_string, sizeof(char) * tr->treeStringLength); data/examl-3.0.22/examl/axml.c:2338:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tr->treeStrings[(size_t)tr->treeStringLength * (size_t)i]), tr->tree_string, sizeof(char) * tr->treeStringLength); data/examl-3.0.22/examl/axml.h:733:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char quartetFileName[1024]; data/examl-3.0.22/examl/axml.h:888:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bits_in_16bits [0x1u << 16]; data/examl-3.0.22/examl/axml.h:1093:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern void getDataTypeString(tree *tr, int model, char typeOfData[1024]); data/examl-3.0.22/examl/bipartitionList.c:435:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength); data/examl-3.0.22/examl/bipartitionList.c:462:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength); data/examl-3.0.22/examl/communication.c:88:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( srcReordered + ( (size_t) displPerProc[aIter->procId] + (size_t) seenPerProcesses[aIter->procId] ) * typeLen , data/examl-3.0.22/examl/communication.c:168:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destination + (size_t) (partition->lower + aIter->offset) * typeLen, data/examl-3.0.22/examl/evaluateGenericSpecial.c:67:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern const char inverseMeaningDNA[16]; data/examl-3.0.22/examl/evaluateGenericSpecial.c:972:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->perPartitionLH, recv, tr->NumberOfModels * sizeof(double)); data/examl-3.0.22/examl/globalVariables.h:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char run_id[128] = "", data/examl-3.0.22/examl/globalVariables.h:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *protModels[NUM_PROT_MODELS] = {"DAYHOFF", "DCMUT", "JTT", "MTREV", "WAG", "RTREV", "CPREV", "VT", "BLOSUM62", "MTMAM", "LG", "MTART", "MTZOA", "PMB", data/examl-3.0.22/examl/globalVariables.h:65:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningBINARY[4] = {'_', '0', '1', '-'}; data/examl-3.0.22/examl/globalVariables.h:66:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char inverseMeaningDNA[16] = {'_', 'A', 'C', 'M', 'G', 'R', 'S', 'V', 'T', 'W', 'Y', 'H', 'K', 'D', 'B', '-'}; data/examl-3.0.22/examl/globalVariables.h:67:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningPROT[23] = {'A','R', 'N', 'D', 'C', 'Q', 'E', 'G', 'H', 'I', 'L', 'K', 'M', 'F', 'P', 'S', data/examl-3.0.22/examl/globalVariables.h:69:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningGeneric32[33] = {'0', '1', '2', '3', '4', '5', '6', '7', data/examl-3.0.22/examl/globalVariables.h:74:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningGeneric64[33] = {'0', '1', '2', '3', '4', '5', '6', '7', data/examl-3.0.22/examl/globalVariables.h:130:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *secondaryModelList[21] = { "S6A (GTR)", "S6B", "S6C", "S6D", "S6E", "S7A (GTR)", "S7B", "S7C", "S7D", "S7E", "S7F", "S16 (GTR)", "S16A", "S16B", "S16C", data/examl-3.0.22/examl/makenewzGenericSpecial.c:817:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&send[0], dlnLdlz, sizeof(double) * tr->numBranches); data/examl-3.0.22/examl/makenewzGenericSpecial.c:818:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&send[tr->numBranches], d2lnLdlz2, sizeof(double) * tr->numBranches); data/examl-3.0.22/examl/makenewzGenericSpecial.c:829:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dlnLdlz, &recv[0], sizeof(double) * tr->numBranches); data/examl-3.0.22/examl/makenewzGenericSpecial.c:830:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d2lnLdlz2, &recv[tr->numBranches], sizeof(double) * tr->numBranches); data/examl-3.0.22/examl/models.c:3511:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->partitionData[model].frequencies_LG4[i], f, 20 * sizeof(double)); data/examl-3.0.22/examl/models.c:3515:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->partitionData[model].frequencies_LG4[i], frequencies, 20 * sizeof(double)); data/examl-3.0.22/examl/models.c:3531:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frequencies, f, 20 * sizeof(double)); data/examl-3.0.22/examl/models.c:3533:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(frequencies, tr->partitionData[model].empiricalFrequencies, 20 * sizeof(double)); data/examl-3.0.22/examl/models.c:3541:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frequencies, f, 20 * sizeof(double)); data/examl-3.0.22/examl/models.c:3547:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frequencies, tr->partitionData[model].empiricalFrequencies, 20 * sizeof(double)); data/examl-3.0.22/examl/models.c:4173:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->partitionData[model].empiricalFrequencies, tr->partitionData[model].frequencies, sizeof(double) * tr->partitionData[model].states); data/examl-3.0.22/examl/newviewGenericSpecial.c:373:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char inverseMeaningDNA[16]; data/examl-3.0.22/examl/optimizeModel.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char ratesFileName[1024]; data/examl-3.0.22/examl/optimizeModel.c:57:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char workdir[1024]; data/examl-3.0.22/examl/optimizeModel.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/examl-3.0.22/examl/optimizeModel.c:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char lengthFileName[1024]; data/examl-3.0.22/examl/optimizeModel.c:60:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char lengthFileNameModel[1024]; data/examl-3.0.22/examl/optimizeModel.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *protModels[NUM_PROT_MODELS]; data/examl-3.0.22/examl/optimizeModel.c:194:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). list[j] = atoi(token); data/examl-3.0.22/examl/optimizeModel.c:230:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). list[j] = atoi(token); data/examl-3.0.22/examl/optimizeModel.c:1360:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&startRates[pos * 4], tr->partitionData[index].gammaRates, 4 * sizeof(double)); data/examl-3.0.22/examl/optimizeModel.c:1361:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&startExponents[pos * 4], tr->partitionData[index].weightExponents, 4 * sizeof(double)); data/examl-3.0.22/examl/optimizeModel.c:1362:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&startWeights[pos * 4], tr->partitionData[index].weights, 4 * sizeof(double)); data/examl-3.0.22/examl/optimizeModel.c:2353:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bk->patrat, partition->patrat, sizeof(double) * (size_t)partition->width); data/examl-3.0.22/examl/optimizeModel.c:2354:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bk->perSiteRates, partition->perSiteRates, sizeof(double) * (size_t)numCat); data/examl-3.0.22/examl/optimizeModel.c:2355:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(bk->rateCategory, partition->rateCategory, sizeof(int) * (size_t)partition->width); data/examl-3.0.22/examl/optimizeModel.c:2376:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(partition->patrat, bk->patrat, sizeof(double) * (size_t)partition->width); data/examl-3.0.22/examl/optimizeModel.c:2377:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(partition->perSiteRates, bk->perSiteRates, sizeof(double) * (size_t)numCat); data/examl-3.0.22/examl/optimizeModel.c:2378:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(partition->rateCategory, bk->rateCategory, sizeof(int) * (size_t)partition->width); data/examl-3.0.22/examl/optimizeModel.c:2543:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gtrFileName[1024]; data/examl-3.0.22/examl/optimizeModel.c:2544:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char epsilonStr[1024]; data/examl-3.0.22/examl/optimizeModel.c:2554:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(epsilonStr, "%f", epsilon); data/examl-3.0.22/examl/optimizeModel.c:2557:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(gtrFileName, "RAxML_proteinGTRmodel."); data/examl-3.0.22/examl/optimizeModel.c:2698:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/examl-3.0.22/examl/quartets.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char workdir[1024]; data/examl-3.0.22/examl/quartets.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/examl-3.0.22/examl/quartets.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char quartetGroupingFileName[1024]; data/examl-3.0.22/examl/quartets.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char quartetFileName[1024]; data/examl-3.0.22/examl/quartets.c:69:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void groupingParser(char *quartetGroupFileName, int *groups[4], int groupSize[4], tree *tr) data/examl-3.0.22/examl/restartHashTable.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[nmlngth+2]; data/examl-3.0.22/examl/searchAlgo.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char seq_file[1024]; data/examl-3.0.22/examl/searchAlgo.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char resultFileName[1024]; data/examl-3.0.22/examl/searchAlgo.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char tree_file[1024]; data/examl-3.0.22/examl/searchAlgo.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char workdir[1024]; data/examl-3.0.22/examl/searchAlgo.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/examl-3.0.22/examl/searchAlgo.c:62:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char binaryCheckpointName[1024]; data/examl-3.0.22/examl/searchAlgo.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char binaryCheckpointInputName[1024]; data/examl-3.0.22/examl/searchAlgo.c:1158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/examl-3.0.22/examl/searchAlgo.c:1170:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%d", ckpCount); data/examl-3.0.22/examl/searchAlgo.c:2183:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->tree0, buffer, tr->treeStringLength * sizeof(char)); data/examl-3.0.22/examl/searchAlgo.c:2185:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->tree1, buffer, tr->treeStringLength * sizeof(char)); data/examl-3.0.22/examl/searchAlgo.c:2460:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->tree0, buffer, tr->treeStringLength * sizeof(char)); data/examl-3.0.22/examl/searchAlgo.c:2462:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->tree1, buffer, tr->treeStringLength * sizeof(char)); data/examl-3.0.22/examl/searchAlgo.c:2573:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/examl-3.0.22/examl/searchAlgo.c:2591:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fileName, "RAxML_"); data/examl-3.0.22/examl/searchAlgo.c:2592:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%d", bestML->nvalid); data/examl-3.0.22/examl/searchAlgo.c:2594:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fileName, "_goodTrees."); data/examl-3.0.22/examl/treeIO.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char infoFileName[1024]; data/examl-3.0.22/examl/treeIO.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char tree_file[1024]; data/examl-3.0.22/examl/treeIO.c:246:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d", p->number); data/examl-3.0.22/examl/treeIO.c:270:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":0.0;\n"); data/examl-3.0.22/examl/treeIO.c:272:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ";\n"); data/examl-3.0.22/examl/treeIO.c:297:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(treestr, ":%8.20f", p->z[0]); data/examl-3.0.22/examl/treeIO.c:299:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p)); data/examl-3.0.22/examl/treeIO.c:305:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p)); data/examl-3.0.22/examl/treeIO.c:351:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extendedTreeFileName[1024]; data/examl-3.0.22/examl/treeIO.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/examl-3.0.22/examl/treeIO.c:360:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%d", i); data/examl-3.0.22/examl/treeIO.c:361:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extendedTreeFileName, ".PARTITION."); data/examl-3.0.22/examl/treeIO.c:515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[nmlngth+2]; data/examl-3.0.22/examl/treeIO.c:652:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[64]; data/examl-3.0.22/parser/axml.c:298:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename,"rb"); data/examl-3.0.22/parser/axml.c:314:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(path, mode); data/examl-3.0.22/parser/axml.c:612:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/examl-3.0.22/parser/axml.c:615:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/examl-3.0.22/parser/axml.c:1088:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(tr->initialPartitionData[0].partitionName, "No Name Provided"); data/examl-3.0.22/parser/axml.c:1124:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->extendedDataVector, tr->initialDataVector, ((size_t)rdta->sites + 1) * sizeof(int)); data/examl-3.0.22/parser/axml.c:1190:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/examl-3.0.22/parser/axml.c:1193:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/examl-3.0.22/parser/axml.c:1196:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/examl-3.0.22/parser/axml.c:1273:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/examl-3.0.22/parser/axml.c:1276:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/examl-3.0.22/parser/axml.c:1279:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/examl-3.0.22/parser/axml.c:2030:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void analyzeRunId(char id[128]) data/examl-3.0.22/parser/axml.c:2179:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(infoFileName, "RAxML_info."); data/examl-3.0.22/parser/axml.c:2196:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(byteFileName, ".binary"); data/examl-3.0.22/parser/axml.c:2204:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). byteFile = fopen(byteFileName, "wb"); data/examl-3.0.22/parser/axml.c:2244:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void getDataTypeString(tree *tr, int model, char typeOfData[1024]) data/examl-3.0.22/parser/axml.c:2249:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"AA"); data/examl-3.0.22/parser/axml.c:2252:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"DNA"); data/examl-3.0.22/parser/axml.c:2255:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"BINARY/MORPHOLOGICAL"); data/examl-3.0.22/parser/axml.c:2258:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 16 STATE MODEL USING "); data/examl-3.0.22/parser/axml.c:2262:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 6 STATE MODEL USING "); data/examl-3.0.22/parser/axml.c:2266:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 7 STATE MODEL USING "); data/examl-3.0.22/parser/axml.c:2270:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"Multi-State"); data/examl-3.0.22/parser/axml.c:2273:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"Codon"); data/examl-3.0.22/parser/axml.c:2308:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bits_in_16bits [0x1u << 16]; data/examl-3.0.22/parser/axml.c:2588:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/examl-3.0.22/parser/axml.h:442:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char branchLabel[64]; data/examl-3.0.22/parser/axml.h:1035:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern void getDataTypeString(tree *tr, int model, char typeOfData[1024]); data/examl-3.0.22/parser/globalVariables.h:58:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char run_id[128] = "", data/examl-3.0.22/parser/globalVariables.h:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *protModels[NUM_PROT_MODELS] = {"DAYHOFF", "DCMUT", "JTT", "MTREV", "WAG", "RTREV", "CPREV", "VT", "BLOSUM62", "MTMAM", "LG", "MTART", "MTZOA", "PMB", data/examl-3.0.22/parser/globalVariables.h:71:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningBINARY[4] = {'_', '0', '1', '-'}; data/examl-3.0.22/parser/globalVariables.h:72:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char inverseMeaningDNA[16] = {'_', 'A', 'C', 'M', 'G', 'R', 'S', 'V', 'T', 'W', 'Y', 'H', 'K', 'D', 'B', '-'}; data/examl-3.0.22/parser/globalVariables.h:73:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningPROT[23] = {'A','R', 'N', 'D', 'C', 'Q', 'E', 'G', 'H', 'I', 'L', 'K', 'M', 'F', 'P', 'S', data/examl-3.0.22/parser/globalVariables.h:75:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningGeneric32[33] = {'0', '1', '2', '3', '4', '5', '6', '7', data/examl-3.0.22/parser/globalVariables.h:80:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningGeneric64[33] = {'0', '1', '2', '3', '4', '5', '6', '7', data/examl-3.0.22/parser/globalVariables.h:136:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char *secondaryModelList[21] = { "S6A (GTR)", "S6B", "S6C", "S6D", "S6E", "S7A (GTR)", "S7B", "S7C", "S7D", "S7E", "S7F", "S16 (GTR)", "S16A", "S16B", "S16C", data/examl-3.0.22/parser/parsePartitions.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char modelFileName[1024]; data/examl-3.0.22/parser/parsePartitions.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char excludeFileName[1024]; data/examl-3.0.22/parser/parsePartitions.c:57:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char proteinModelFileName[1024]; data/examl-3.0.22/parser/parsePartitions.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char secondaryStructureFileName[1024]; data/examl-3.0.22/parser/parsePartitions.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char seq_file[1024]; data/examl-3.0.22/parser/parsePartitions.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *protModels[NUM_PROT_MODELS]; data/examl-3.0.22/parser/parsePartitions.c:100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[128] = ""; data/examl-3.0.22/parser/parsePartitions.c:101:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char thisModel[1024]; data/examl-3.0.22/parser/parsePartitions.c:393:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/examl-3.0.22/parser/parsePartitions.c:486:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lower = atoi(buf); data/examl-3.0.22/parser/parsePartitions.c:534:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). upper = atoi(buf); data/examl-3.0.22/parser/parsePartitions.c:579:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). modulo = atoi(buf); data/examl-3.0.22/parser/parsePartitions.c:666:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/examl-3.0.22/parser/parsePartitions.c:731:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = atoi(buf); data/examl-3.0.22/parser/parsePartitions.c:759:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = atoi(buf); data/examl-3.0.22/parser/parsePartitions.c:773:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
value = atoi(buf); data/examl-3.0.22/parser/parsePartitions.c:845:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfn[2048]; data/examl-3.0.22/parser/parsePartitions.c:877:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfn[2048]; data/examl-3.0.22/parser/parsePartitions.c:908:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char AAmodel[1024]; data/examl-3.0.22/parser/parsePartitions.c:971:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfn[2048]; data/examl-3.0.22/parser/parsePartitions.c:1098:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bracketTypes[4][2] = {{'(', ')'}, {'<', '>'}, {'[', ']'}, {'{', '}'}}; data/examl-3.0.22/parser/parsePartitions.c:1305:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 16 STATE MODEL"); data/examl-3.0.22/parser/parsePartitions.c:1313:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 6 STATE MODEL"); data/examl-3.0.22/parser/parsePartitions.c:1322:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 7 STATE MODEL"); data/examl-3.0.22/examl/axml.c:1283:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dir[strlen(dir) - 1] != separator[0]) data/examl-3.0.22/examl/axml.c:1295:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dir[strlen(dir) - 1] != separator[0]) data/examl-3.0.22/examl/axml.c:1752:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fileName, "."); data/examl-3.0.22/examl/axml.c:2235:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while((ch = fgetc(f)) != EOF) data/examl-3.0.22/examl/byteFile.c:54:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). toSkip += (strlen(p->partitionName)+1 ) * sizeof(char) + sizeof(int); data/examl-3.0.22/examl/byteFile.c:62:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). toSkip += (strlen(bf->taxaNames[i]) + 1) * sizeof(char) + sizeof(int); data/examl-3.0.22/examl/byteFile.c:411:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tr->nameList[i] = (char*)calloc(strlen(bf->taxaNames[i-1]) + 1, sizeof(char)); data/examl-3.0.22/examl/optimizeModel.c:184:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *ch = (char *)calloc(strlen(linkageString), sizeof(char)), data/examl-3.0.22/examl/optimizeModel.c:186:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ch, linkageString, strlen(linkageString)); data/examl-3.0.22/examl/optimizeModel.c:186:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ch, linkageString, strlen(linkageString)); data/examl-3.0.22/examl/optimizeModel.c:219:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*ch = (char*)calloc(strlen(linkageString), sizeof(char)), data/examl-3.0.22/examl/optimizeModel.c:222:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ch, linkageString, strlen(linkageString)); data/examl-3.0.22/examl/optimizeModel.c:222:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ch, linkageString, strlen(linkageString)); data/examl-3.0.22/examl/optimizeModel.c:2559:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(gtrFileName, "_"); data/examl-3.0.22/examl/quartets.c:90:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = getc(f)) != EOF) data/examl-3.0.22/examl/quartets.c:456:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ckp.quartetFileName, quartetFileName, 1024); data/examl-3.0.22/examl/searchAlgo.c:1169:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(extendedName, "_"); data/examl-3.0.22/examl/treeIO.c:133:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p->word = (char*)calloc(strlen(s) + 1, sizeof(char)); data/examl-3.0.22/examl/treeIO.c:386:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF && ch != ']') { data/examl-3.0.22/examl/treeIO.c:403:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) { data/examl-3.0.22/examl/treeIO.c:449:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/examl-3.0.22/examl/treeIO.c:456:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/examl-3.0.22/examl/treeIO.c:466:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/examl-3.0.22/examl/treeIO.c:475:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/examl-3.0.22/examl/treeIO.c:536:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (n > 0 && ((ch = getc(fp1)) != EOF)) { data/examl-3.0.22/parser/axml.c:720:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); data/examl-3.0.22/parser/axml.c:722:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); data/examl-3.0.22/parser/axml.c:729:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); data/examl-3.0.22/parser/axml.c:744:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ch = getc(INFILE); data/examl-3.0.22/parser/axml.c:749:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(buffer) + 1; data/examl-3.0.22/parser/axml.c:757:39: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((j < rdta->sites) && ((ch = getc(INFILE)) != EOF) && (ch != '\n') && (ch != '\r')) data/examl-3.0.22/parser/axml.c:828:55: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (ch != '\n' && ch != EOF && ch != '\r') ch = getc(INFILE); /* flush line *//* PC-LINEBREAK*/ data/examl-3.0.22/parser/axml.c:974:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->word = (char *)malloc((strlen(s) + 1) * sizeof(char)); data/examl-3.0.22/parser/axml.c:1130:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tr->extendedPartitionData[i].partitionName = (char*)malloc((strlen(tr->initialPartitionData[i].partitionName) + 1) * sizeof(char)); data/examl-3.0.22/parser/axml.c:2783:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(tr->nameList[i]) + 1; data/examl-3.0.22/parser/axml.c:2816:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(p->partitionName) + 1; data/examl-3.0.22/parser/parsePartitions.c:67:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i, n = strlen(line); data/examl-3.0.22/parser/parsePartitions.c:161:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/examl-3.0.22/parser/parsePartitions.c:185:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "X"); data/examl-3.0.22/parser/parsePartitions.c:341:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). register int c = getc(stream); data/examl-3.0.22/parser/parsePartitions.c:438:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(cc); data/examl-3.0.22/parser/parsePartitions.c:685:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = getc(f)) != EOF) data/examl-3.0.22/parser/parsePartitions.c:701:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = getc(f)) != EOF) data/examl-3.0.22/parser/parsePartitions.c:852:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(mfn, "."); data/examl-3.0.22/parser/parsePartitions.c:881:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mfn, "."); data/examl-3.0.22/parser/parsePartitions.c:912:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(AAmodel, "F"); data/examl-3.0.22/parser/parsePartitions.c:975:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mfn, "."); data/examl-3.0.22/parser/parsePartitions.c:1104:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = fgetc(f)) != EOF) data/examl-3.0.22/parser/parsePartitions.c:1135:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = fgetc(f)) != EOF) data/examl-3.0.22/parser/parsePartitions.c:1267:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
partBuffer[i].partitionName = (char*)malloc((strlen(tr->extendedPartitionData[i].partitionName) + 1) * sizeof(char)); data/examl-3.0.22/parser/parsePartitions.c:1282:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tr->extendedPartitionData[i].partitionName = (char*)malloc((strlen(partBuffer[i].partitionName) + 1) * sizeof(char));

ANALYSIS SUMMARY:

Hits = 321
Lines analyzed = 37821 in approximately 1.01 seconds (37326 lines/second)
Physical Source Lines of Code (SLOC) = 27337
Hits@level = [0] 438 [1] 51 [2] 184 [3] 2 [4] 84 [5] 0
Hits@level+ = [0+] 759 [1+] 321 [2+] 270 [3+] 86 [4+] 84 [5+] 0
Hits/KSLOC@level+ = [0+] 27.7646 [1+] 11.7423 [2+] 9.87672 [3+] 3.14592 [4+] 3.07276 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.