Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fasta3-36.3.8h.2020-02-11/src/a_mark.h
Examining data/fasta3-36.3.8h.2020-02-11/src/aamap.h
Examining data/fasta3-36.3.8h.2020-02-11/src/ag_stats.c
Examining data/fasta3-36.3.8h.2020-02-11/src/aln_structs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/alt_parms.h
Examining data/fasta3-36.3.8h.2020-02-11/src/altlib.h
Examining data/fasta3-36.3.8h.2020-02-11/src/apam.c
Examining data/fasta3-36.3.8h.2020-02-11/src/best_stats.h
Examining data/fasta3-36.3.8h.2020-02-11/src/build_ares.c
Examining data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c
Examining data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c
Examining data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c
Examining data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c
Examining data/fasta3-36.3.8h.2020-02-11/src/compacc2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c
Examining data/fasta3-36.3.8h.2020-02-11/src/dec_pthr_subs.c
Examining data/fasta3-36.3.8h.2020-02-11/src/dec_pthr_subs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/defs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/doinit.c
Examining data/fasta3-36.3.8h.2020-02-11/src/drop_func.h
Examining data/fasta3-36.3.8h.2020-02-11/src/dropff2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/dropfs2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/dropfx.c
Parsing failed to find end of parameter list; semicolon terminated it in (pstring1[1], "%s matrix (%d:%d)%s, gap-pen: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
#else
sprintf (pstring1[1], "%s matrix (%d:%d)%s, open/ext: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
Parsing failed to find end of parameter list; semicolon terminated it in (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
; pg_gap-pen: %d %d\n; pg_ktup: %d\n; %s\n",
#else
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_mat
Examining data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c
Parsing failed to find end of parameter list; semicolon terminated it in (pstring1[1], "%s matrix (%d:%d)%s, gap-pen: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
#else
sprintf (pstring1[1], "%s matrix (%d:%d)%s, open/ext: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
Parsing failed to find end of parameter list; semicolon terminated it in (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
; pg_gap-pen: %d %d\n; pg_ktup: %d\n; %s\n",
#else
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_mat
Examining data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c
Parsing failed to find end of parameter list; semicolon terminated it in (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
; pg_gap-pen: %d %d\n; pg_ktup: %d\n; %s\n",
#else
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_ma
Examining data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c
Parsing failed to find end of parameter list; semicolon terminated it in (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
; pg_gap-pen: %d %d\n; pg_ktup: %d\n; %s\n",
#else
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_ma
Examining data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c
Parsing failed to find end of parameter list; semicolon terminated it in (pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s%s (%d:%d)%s\n; pg_gap-pen: %d %d\n",
#else
sprintf(pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s%s (%d:%d)%s\n; pg
Examining data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.h
Examining data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c
Examining data/fasta3-36.3.8h.2020-02-11/src/dropnfa.h
Examining data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c
Parsing failed to find end of parameter list; semicolon terminated it in (pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n; pg_gap-pen: %d %d\n",
#else
sprintf(pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n; pg_ope
Examining data/fasta3-36.3.8h.2020-02-11/src/dropnsw.c
Examining data/fasta3-36.3.8h.2020-02-11/src/dyn_string.h
Examining data/fasta3-36.3.8h.2020-02-11/src/faatran.c
Examining data/fasta3-36.3.8h.2020-02-11/src/getenv.c
Examining data/fasta3-36.3.8h.2020-02-11/src/getopt.c
Examining data/fasta3-36.3.8h.2020-02-11/src/getseq.c
Examining data/fasta3-36.3.8h.2020-02-11/src/global_sse2.h
Examining data/fasta3-36.3.8h.2020-02-11/src/glocal_sse2.h
Examining data/fasta3-36.3.8h.2020-02-11/src/h_altlib.h
Examining data/fasta3-36.3.8h.2020-02-11/src/htime.c
Examining data/fasta3-36.3.8h.2020-02-11/src/initfa.c
Examining data/fasta3-36.3.8h.2020-02-11/src/karlin.c
Examining data/fasta3-36.3.8h.2020-02-11/src/last_tat.c
Examining data/fasta3-36.3.8h.2020-02-11/src/last_thresh.c
Examining data/fasta3-36.3.8h.2020-02-11/src/lav_defs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c
Examining data/fasta3-36.3.8h.2020-02-11/src/list_db.c
Examining data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c
Examining data/fasta3-36.3.8h.2020-02-11/src/lsim4.c
Examining data/fasta3-36.3.8h.2020-02-11/src/lsim4.h
Examining data/fasta3-36.3.8h.2020-02-11/src/map_db.c
Examining data/fasta3-36.3.8h.2020-02-11/src/mm_file.h
Examining data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c
Examining data/fasta3-36.3.8h.2020-02-11/src/mrandom.c
Examining data/fasta3-36.3.8h.2020-02-11/src/msg.h
Examining data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c
Examining data/fasta3-36.3.8h.2020-02-11/src/mw.h
Examining data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c
Examining data/fasta3-36.3.8h.2020-02-11/src/ncbl2_head.h
Examining data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c
Examining data/fasta3-36.3.8h.2020-02-11/src/ncbl_head.h
Examining data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c
Examining data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c
Examining data/fasta3-36.3.8h.2020-02-11/src/param.h
Examining data/fasta3-36.3.8h.2020-02-11/src/pcomp_bufs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/pcomp_subs2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c
Examining data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c
Examining data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c
Examining data/fasta3-36.3.8h.2020-02-11/src/pthr_subs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/pthr_subs2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/randtest.c
Examining data/fasta3-36.3.8h.2020-02-11/src/re_getlib.c
Examining data/fasta3-36.3.8h.2020-02-11/src/res_stats.c
Examining data/fasta3-36.3.8h.2020-02-11/src/rstruct.h
Examining data/fasta3-36.3.8h.2020-02-11/src/sc_to_e.c
Examining data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c
Examining data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c
Examining data/fasta3-36.3.8h.2020-02-11/src/showrss.c
Examining data/fasta3-36.3.8h.2020-02-11/src/smith_waterman_altivec.c
Examining data/fasta3-36.3.8h.2020-02-11/src/smith_waterman_altivec.h
Examining data/fasta3-36.3.8h.2020-02-11/src/smith_waterman_sse2.h
Examining data/fasta3-36.3.8h.2020-02-11/src/structs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/tatstats.c
Examining data/fasta3-36.3.8h.2020-02-11/src/tatstats.h
Examining data/fasta3-36.3.8h.2020-02-11/src/thr_buf_structs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/thr_bufs2.h
Examining data/fasta3-36.3.8h.2020-02-11/src/uascii.h
Examining data/fasta3-36.3.8h.2020-02-11/src/upam.h
Examining data/fasta3-36.3.8h.2020-02-11/src/url_subs.c
Examining data/fasta3-36.3.8h.2020-02-11/src/uthr_subs.h
Examining data/fasta3-36.3.8h.2020-02-11/src/wm_align.c
Examining data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/global_sse2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/glocal_sse2.c
Examining data/fasta3-36.3.8h.2020-02-11/src/smith_waterman_sse2.c
FINAL RESULTS:
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:312:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dfname,"_rlib",sizeof(dfname));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:556:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,libstr,sizeof(tmp_query)-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:557:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,bp+1,sizeof(tmp_query)-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:622:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,libstr,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:623:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,bp+1,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:549:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,libstr,sizeof(tmp_query)-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:550:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,bp+1,sizeof(tmp_query)-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:615:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,libstr,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:616:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(tmp_query,bp+1,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:249:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(afmt,"%%-%ds %%s\n",nml);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:273:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(afmt,"%%-5s %%-%dld %%s %%-ld\n",digit_len);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:412:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ll0) fprintf(fd,afmt,name0,line[0]);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:413:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ll01) fprintf(fd,afmt,name01,line[1]);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:414:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ll1) fprintf(fd,afmt,name1,line[2]);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:430:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ll0) fprintf(fd,afmt,name0,q_start,line[0],q_end);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:431:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ll01) fprintf(fd,afmt0,blank,line[1]);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:432:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ll1) fprintf(fd,afmt,name1,s_start,line[2],s_end);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:466:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd,afmtf,name0,sq0off,sq0off+n0-1,100.0,line);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:486:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd,afmtf,name1,min0+sq0off,max0+sq0off-1,score,percent,line);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:492:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd,afmtf, name1,min0+sq0off,max0+sq0off-1,line);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:1010:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str,"%s%c%c",local_str,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:962:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str," - %d %s", m_msg.n0, m_msg.sqnam);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:965:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str," - %d %s in %d fragments", m_msg.n0 - (m_msg.nm0-1), m_msg.sqnam, m_msg.nm0);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:879:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_hstring[0],"; mp_extrap: %d %ld\n; mp_stats: %s\n; mp_KS: %6.4f (N=%d) at %3d\n",
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:887:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_hstring[1],"; mp_Algorithm: %s\n; mp_Parameters: %s\n",info_gstring2[0],info_gstring2[1]);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1479:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system(link_script);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1563:3: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(lib_db_file);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1590:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system(lib_db_script);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1754:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system(annot_script);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2187:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(annot_script,"%s \"%s\" %ld",sname+1, bline_descr,q_offset+m_msp->n0);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2190:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
annot_fd = popen(annot_script,"r");
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3977:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_str,d1_fmt,
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3982:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_str,d1_fmt,
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3990:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str," : %s",ann_comment);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:4086:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_lstr, dt1_fmt, q_min, i0_pos+1,
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:4092:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_lstr,dt2_fmt,
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:4112:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_lstr,dt1_fmt, this_annot_p->label,i0_pos+1, sp0,
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:893:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_hstring[0],"; mp_extrap: %d %ld\n; mp_stats: %s\n; mp_KS: %6.4f (N=%d) at %3d\n",
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:901:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_hstring[1],"; mp_Algorithm: %s\n; mp_Parameters: %s\n",info_gstring2[0],info_gstring2[1]);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1498:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system(link_script);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1582:3: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(lib_db_file);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1614:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system(lib_db_script);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1787:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system(annot_script);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2221:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(annot_script,"%s \"%s\" %ld",sname+1, bline_descr,q_offset+m_msp->n0);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2224:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
annot_fd = popen(annot_script,"r");
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4210:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_str,d1_fmt,
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4215:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_str,d1_fmt,
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4223:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str," : %s",ann_comment);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4328:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_lstr, dt1_fmt, q_min, i0_pos+1,
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4334:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_lstr,dt2_fmt,
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4349:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_lstr, "%s;",tmp_str);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4363:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_lstr,dt1_fmt, this_dom_p->annot_entry_p->label,i0_pos+1, sp0,
data/fasta3-36.3.8h.2020-02-11/src/dropff2.c:358:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)",pg_str,verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropff2.c:359:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[1], "%s matrix (%d:%d), join: %d",
data/fasta3-36.3.8h.2020-02-11/src/dropff2.c:365:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfs2.c:515:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)",pg_str,verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfs2.c:516:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[1], "%s matrix (%d:%d), ktup=%d",
data/fasta3-36.3.8h.2020-02-11/src/dropfs2.c:522:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:530:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)",pg_str,verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:533:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s) [optimized]",pg_str,verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:537:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[1], "%s matrix (%d:%d)%s, gap-pen: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:539:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[1], "%s matrix (%d:%d)%s, open/ext: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:550:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:553:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:548:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)",pg_str,verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:551:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s) [optimized]",pg_str,verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:555:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[1], "%s matrix (%d:%d)%s, gap-pen: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:557:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[1], "%s matrix (%d:%d)%s, open/ext: %d/%d, shift: %d\n ktup: %d, %s, width: %3d",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:568:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:571:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3824:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str,"%s%c%c",local_str,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:715:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)",pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:717:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s) [optimized]",pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:719:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring1[1],
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:735:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:738:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:731:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)",pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:733:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s) [optimized]",pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:735:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring1[1],
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:751:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:754:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring2, "; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n\
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3772:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str,"%s%c%c",local_str,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:675:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)", pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:676:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring1[1],
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:687:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s%s (%d:%d)%s\n; pg_gap-pen: %d %d\n",
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:689:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s%s (%d:%d)%s\n; pg_open-ext: %d %d\n",
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:463:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)", pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:467:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s) [optimized]", pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:470:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring1[1],
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:484:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring2,
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:514:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], "%s (%s)", pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:515:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring1[1],
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:526:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n; pg_gap-pen: %d %d\n",
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:528:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstring2,"; pg_name_alg: %s\n; pg_ver_rel: %s\n; pg_matrix: %s (%d:%d)%s\n; pg_open-ext: %d %d\n",
data/fasta3-36.3.8h.2020-02-11/src/dropnsw.c:267:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pstring1[0], " %s (%s)", pg_str, verstr);
data/fasta3-36.3.8h.2020-02-11/src/dropnsw.c:268:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (pstring1[1],
data/fasta3-36.3.8h.2020-02-11/src/dropnsw.c:278:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(pstring2,
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3016:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, " [%s]", opt_ptr->s_param); break;
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:803:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(m_fd->mmap_base+m_fd->d_pos_arr[lpos]+4,"%s %s %s %s %ld\n",
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:230:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt,">%%-%ds\n%%sLength=%%d\n",l_llen+15);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:234:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fmt,"%s%%-%ds (%%d %s)\n",A_MARK,l_llen-5,m_msp->sqnam);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:563:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, fmt,bline_p,annot_var_dyn->string,n1tot);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:566:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, fmt,bline_p,n1tot);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:798:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(link_name,"%s_%d",l_name, cur_ares_p->index);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:499:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, fmt,bline_p,n1tot);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:504:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, fmt2,"\n+-");
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:656:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(link_name,"%s_%d",l_name, cur_ares_p->index);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:725:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_string,"|XD:%ld-%ld;C=%s",annot->pos+1,annot->end+1,annot->comment);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:728:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_string,"|X%c:%ld-%ld;C=%s",annot->label, annot->pos+1,annot->end+1,annot->comment);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:733:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_string,"|DX:%ld-%ld;C=%s",annot->pos+1,annot->end+1,annot->comment);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:736:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_string,"|%cX:%ld-%ld;C=%s",annot->label, annot->pos+1,annot->end+1,annot->comment);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:161:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sql_db,bps); /* strcpy OK because allocated strlen(bps) */
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:253:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sql_do,bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:291:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_fptr->sql_query,bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:312:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_fptr->sql_getdesc,bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:332:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_fptr->sql_getseq,bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:351:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_fptr->sql_close_tables,bps);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1742:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(descr,"gi|%d|%s|%s|%s ",gi,db_type_arr[my_db],acc,name);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1745:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (acc[0] != '\0') sprintf(descr,"%s ",acc);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1747:54: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (name[0] != '\0' && strcmp(name,"BL_ORD_ID")!=0) sprintf(descr+strlen(descr),"%s ", name);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2429:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line+7,"%s",dname);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2432:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line+8,"%s",msk_name);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:395:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"*%-9s ",bp0+1);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:397:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(str,"%-10s ",bp0+1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:246:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
libf=popen(acc_script,"r");
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1171:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(&lm_fd->lline[5],"%s",id);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1253:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(&lm_fd->lline[5],"%s",id);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1562:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(&lm_fd->lline[4],"%s %s %s %s %ld",
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:171:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sql_db,bps); /* strcpy OK because allocated strlen(bps) */
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:262:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sql_do,bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:305:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_fptr->sql_query,bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:326:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_fptr->sql_getdesc,bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:346:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_fptr->sql_getseq,bps);
data/fasta3-36.3.8h.2020-02-11/src/pthr_subs.h:8:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (status != 0) {fprintf(stderr,string); \
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:228:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %d %d %d %lf %lf %d %d %d",
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:476:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_hstring1,"; mp_extrap: %d %ld\n; mp_stats: %s\n; mp_KS: %6.4f (N=%d) at %3d\n",
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:530:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bline,"%-12s %d",bbp->libstr,bbp->lib);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:533:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(outfd,fmt,bline,bbp->n1);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:543:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout,fmt,bline,bbp->n1);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:521:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s Expectation_v fit: rho(%s)= %6.4f+/-%6.3g; mu= %6.4f+/-%6.3f;\n rho2=%6.2f; mu2= %6.2f, 0's: %d Z-trim: %d B-trim: %d in %d/%d",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:527:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s Expectation_n fit: rho(%s)= %6.4f+/-%6.3g; mu= %6.4f+/-%6.3f\n mean_var=%6.4f+/-%6.3f, 0's: %d Z-trim(%.1f): %d B-trim: %d in %d/%d\n Lambda= %8.6f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:601:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s Expectation_i fit: rho(ln(x))= %6.4f+/-%6.3g; mu= %6.4f+/-%6.3f;\n mean_var=%6.4f+/-%6.3f 0's: %d Z-trim: %d N-it: %d\n Lambda= %8.6f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:812:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:851:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s MLE statistics: Lambda= %6.4f; K=%6.4g",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:939:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s MLE-2 statistics: a0= %6.4f; a1=%6.4f; a2=%6.4f; b1=%6.4f\n ave Lamdba: %6.4f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:949:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s MLE-2-cen statistics: a0= %6.4f; a1=%6.4f; a2=%6.4f; b1=%6.4f (cen=%d)\n ave Lambda:%6.4f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:1700:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(f_string,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3108:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s zsflag: %d\n",comment,pu->zsflag);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s ngLambda: %g; ngK: %g; ngH: %g\n",comment,pu->ngLambda,pu->ngK,pu->ngH);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3112:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s ave_n1: %g; sample_fract: %g; zs_off: %g\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s mle2_stat_str: {\n",comment);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3117:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s a_n0 %g;\n",comment,pu->r_u.m2.a_n0);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3119:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s mle2_a0: %g; mle2_a1: %g; mle2_a2: %g; mle2_b1: %g\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3122:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s ave_comp: %g; max_comp: %g; ave_H: %g }\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3127:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s ag_stat_str: {\n",comment);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3129:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s K: %g; Lambda: %g; a_n0f: %g; a_n0: %g }\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3134:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s rstat_str (LN_FACT: %.1f): {\n",comment,LN_FACT);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3136:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s rho: %g; rho_e: %g; mu: %g; mu_e: %g;\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3139:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s mean_var: %g; var_e: %g; mean_var_sqrt: %g\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3142:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s rho2: %g; mu2: %g; var_cutoff: %g\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3145:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s n_trimmed: %d; n1_trimmed: %d; nb_trimmed: %d; nb_tot: %d }\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:347:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s Expectation_n fit: rho(ln(x))= %6.4f+/-%6.3g; mu= %6.4f+/-%6.3f\n mean_var=%6.4f+/-%6.3f, 0's: %d Z-trim: %d B-trim: %d in %d/%d\n Lambda= %6.4f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:457:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f_string,"%s unscaled statistics: mu= %6.4f var=%6.4f; Lambda= %6.4f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1538:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s zsflag: %d\n",comment,pu->zsflag);
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1540:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s ngLambda: %g; ngK: %g; ngH: %g\n",comment,pu->ngLambda,pu->ngK,pu->ngH);
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1543:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s rho: %g; rho_e: %g; mu: %g; mu_e: %g;\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1547:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s mean_var: %g; var_e: %gg\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1551:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s rho2: %g; mu2: %g; var_cutoff: %g\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1555:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s n_trimmed: %d; n1_trimmed: %d; nb_trimmed: %d; nb_tot: %d\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1559:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s tat_a: %g; tat_b: %g; tat_c: %g; spacefactor: %g\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1563:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat_buf,"%s have_tat: %d; tie_j: %d; eval_is_pval: %d; zdb_size: %ld\n",comment,
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:49:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, fmt, label, value);
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:185:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (ref_url != NULL) {fprintf(fp,ref_url,db,my_l_name);}
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:190:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp,srch_url,my_q_name, my_l_name,db,lib,pgm,
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:198:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp,srch_url1,my_q_name, my_l_name,db,lib,pgm,
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:257:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp,dom_url,o_pgm,
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:330:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%cDomain:\t%ld-%ld\t%s\n",
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:3008:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cptr=getenv("LIB_MEMK"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:257:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(bp+2)!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:258:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncat(dest, getenv(bp+2), dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1421:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((bp=getenv("TMP_DIR"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1556:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((bp=getenv("TMP_DIR"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1713:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((bp=getenv("TMP_DIR"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:259:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(bp+2)!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:260:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncat(dest, getenv(bp+2), dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1434:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((bp=getenv("TMP_DIR"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1575:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((bp=getenv("TMP_DIR"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1739:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((bp=getenv("TMP_DIR"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:258:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cptr=getenv("FASTLIBS"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:364:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((copt = getopt (argc, argv, optstring)) != EOF)
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:444:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((cptr = getenv("FA_ANNOT_DEF"))) {
data/fasta3-36.3.8h.2020-02-11/src/getopt.c:21:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(argc, argv, opts)
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:139:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((copt = getopt(argc, argv, "P:s:"))!=EOF) {
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:174:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ref_url = getenv("REF_URL");
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:175:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
srch_url = getenv("SRCH_URL");
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:176:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
srch_url1 = getenv("SRCH_URL1");
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:178:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dom_url = getenv("DOMAIN_PLOT_URL");
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:290:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("JSON_HTML")) {
data/fasta3-36.3.8h.2020-02-11/src/aamap.h:7:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aacmap[64]={
data/fasta3-36.3.8h.2020-02-11/src/apam.c:60:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppst->pamoff=atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:65:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppst->pamoff= -atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512], *lp;
data/fasta3-36.3.8h.2020-02-11/src/apam.c:80:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char l_sq[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/apam.c:87:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fmat = fopen (mfname, "r")) == NULL)
data/fasta3-36.3.8h.2020-02-11/src/apam.c:178:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pval=ppst->pam2[0][p_i][p_j]=atoi(lp); /* convert to integer */
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[3][MAXOUT]; /* alignment lines [0,2], similarity code [1] */
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[2][MAXOUT+10], *clinep[2]; /* coordinate line */
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digit_tmp[32];
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blank[32], afmt[32], afmt0[32];
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:269:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digit_tmp,"%ld",max(q_digit_max, s_digit_max));
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:322:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&clinep[0][i-qfxn],"%8ld",qqoff+1l);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:327:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&clinep[0][i-qfxn],"%8ld",0l);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:332:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&clinep[0][i-qfxn],"%8ld",qqoff+1);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:353:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&clinep[1][i-lfxn],"%8ld",lloff+1l);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:358:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&clinep[1][i],"%8ld",0l);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:363:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&clinep[1][i-lfxn],"%8ld",lloff+1);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXOUT+1];
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char afmt[16], afmtf[64];
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:451:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(afmt,"%%-%ds",nml);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:668:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d%c",op_cnt,up_dp->op_map[op_idx]);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:671:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d",up_dp->op_map[op_idx],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:767:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:964:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%c%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:1091:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:1179:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[aa1p[i1]],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:1196:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"q%c%d%c;",sq[aa0[i0]],i0+1,sp0);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:264:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:292:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%c%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:329:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:581:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[aa1p[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:611:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"q%c%d%c;",sq[aa0[i0]],i0+1,*sp0_p);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:945:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:952:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cnt,"%d",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:978:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d%c",op_cnt,up_dp->op_map[op_idx]);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:981:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d",up_dp->op_map[op_idx],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:996:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:1007:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(local_str,"%d",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons2.c:1019:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[20];
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:342:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:449:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%ld:%ld:%c%c:%c%c%c",
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char align_char[4]={"=-+"};
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:487:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_char[4]={"MDI"};
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:488:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[20];
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:493:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cnt,"%d%c",op_cnt,cigar_char[op]);
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:497:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cnt,"%c%d[%d]",align_char[op],op_cnt,fnum);
data/fasta3-36.3.8h.2020-02-11/src/cal_consf.c:499:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cnt,"%c%d",align_char[op],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:323:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3,
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:323:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3,
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:323:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3,
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:324:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *info_hstring_p[2], struct mngmsg *m_msp, struct pstruct *ppst);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:351:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_qtitle[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:416:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *aa0[6], *aa0s;
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_title[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:432:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_lib_range[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_pgm_abbr[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_qlabel[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *info_gstring2p[2];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_gstring3[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *info_hstring_p[2];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdata_pstat_info[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:485:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rline[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv_line[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:880:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdata=fopen(m_msg.dfile,"w");
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:996:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_lib_range," (range: %d-%d)",pst.n1_low,pst.n1_high);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:998:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_lib_range," (range: >%d)",pst.n1_low);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:1000:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_lib_range," (range: <%d)",pst.n1_high);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:1123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa0[1],aa0[0],m_msg.n0+1);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:1274:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfd=fopen(m_msg.outfile,"w"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:1301:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cur_markx->out_fd=fopen(cur_markx->out_file,"w"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2499:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa1,getlib_info->aa1save,m_msp->ldb_info.l_overlap);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2637:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(getlib_info->aa1save,&aa1[n1-m_msp->ldb_info.l_overlap],m_msp->ldb_info.l_overlap);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_seq_p,lib_buf2_dp->seq,sizeof(struct seq_record));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_mseq_p,lib_buf2_dp->mseq,sizeof(struct mseq_record));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_seq_p,bbp->seq,sizeof(struct seq_record));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2778:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_mseq_p,bbp->mseq,sizeof(struct mseq_record));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa0[1],aa0[0],n0+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*aa0s,aa0[0],n0);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aaray[128]; /* this must be set > nsq */
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:568:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:568:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:568:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:568:87: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:657:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr1[26], tstr2[26];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:658:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memstr[256];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:676:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(memstr," in memory [%ldG]",(tot_memK >> 20));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hline[80], pch, *bp;
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:814:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hline[10]," one = represents %d library sequences",dotsiz);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:818:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hline[10]," inset = represents %d library sequences",ddotsiz);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:967:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline[MAX_BLINE];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1064:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bbp->seq->aa1b, aa1save, bbp->seq->n1+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1193:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (from != to) memcpy((void *)to,(void *)from,n);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1211:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (from != to) memcpy((void *)to,(void *)from,n);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1252:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)to,(void *)from,n);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1400:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_acc_file[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1428:17: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
link_acc_fd = mkstemp(link_acc_file);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1498:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((link_fd=fopen(link_lib_file,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1515:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_line," %d",link_lib_type);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1544:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lib_db_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1614:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_line," %d",lib_db_type);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1683:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1684:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_bline_file[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1687:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1720:22: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
annot_bline_fd = mkstemp(annot_bline_file);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1783:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((annot_fd=fopen(annot_descr_file,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp_label, ctmp_value, tmp_comment[MAX_STR], annot_acc[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1941:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f_pos=atoi(tmp_line) - 1; /* get first field -- f_pos, converted to 0-offset */
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1944:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ctmp_label == '-') { f_end = atoi(bp+1) -1; ctmp_value = '\0';}
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline_descr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_data_file[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2194:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
annot_fd=fopen(annot_data_file,"r");
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_bline[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3420:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa1shuff, aa1save, n1+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3858:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_region_p, annot_arr[i_annot],sizeof(struct annot_entry));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3971:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_LSTR], tc, ann_ch0, ann_ch1;
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:4008:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "|%c%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:4027:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_lstr[MAX_LSTR], ctarget, tmp_sstr[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa0[1],aa0[0],n0+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*aa0s,aa0[0],n0);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aaray[128]; /* this must be set > nsq */
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:582:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:582:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:582:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:582:87: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void print_header4(FILE *fd, char *info_qlabel, char *argv_line, char *info_gstring3, char *info_hstring_p[2],
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:671:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr1[26], tstr2[26];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memstr[256];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:690:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(memstr," in memory [%ldG]",(tot_memK >> 20));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hline[80], pch, *bp;
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:828:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hline[10]," one = represents %d library sequences",dotsiz);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:832:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hline[10]," inset = represents %d library sequences",ddotsiz);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:981:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline[MAX_BLINE];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bbp->seq->aa1b, aa1save, bbp->seq->n1+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1206:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (from != to) memcpy((void *)to,(void *)from,n);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1224:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (from != to) memcpy((void *)to,(void *)from,n);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1265:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)to,(void *)from,n);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1412:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_acc_file[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1441:17: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
link_acc_fd = mkstemp(link_acc_file);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1517:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((link_fd=fopen(link_lib_file,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1534:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_line," %d",link_lib_type);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1561:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1563:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lib_db_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1638:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_line," %d",lib_db_type);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1707:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_bline_file[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1711:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1746:22: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
annot_bline_fd = mkstemp(annot_bline_file);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1823:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((annot_fd=fopen(annot_descr_file,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1951:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp_label, ctmp_value, tmp_comment[MAX_STR], annot_acc[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1994:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f_pos=atoi(tmp_line) - 1; /* get first field -- f_pos, converted to 0-offset */
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1997:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ctmp_label == '-') { f_end = atoi(bp+1) -1; ctmp_value = '\0';}
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline_descr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_data_file[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2228:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
annot_fd=fopen(annot_data_file,"r");
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:3369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_bline[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:3482:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa1shuff, aa1save, n1+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_LSTR], tc, ann_ch0, ann_ch1;
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4241:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "|%c%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:4269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_lstr[MAX_LSTR], ctarget, tmp_str[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prog_name[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:209:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_optstring[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_optstring[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optstring[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:639:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, *bpf, line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:640:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_annot_env[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:646:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((def_fp = fopen(tmp_annot_env,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/dropff2.c:362:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppstr->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropfs2.c:519:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppstr->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropfs2.c:1383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a_res->rst, &rst, sizeof(rst));
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str1[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str2[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:513:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"join: %d (%.3g), opt: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:516:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join: %d (%.3g)\n; pg_optcut: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:521:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"E-join: %.2g (%.3g), E-opt: %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:524:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join_E(): %.2g (%.3g)\n; pg_optcut_E(): %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:546:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppst->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2077:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line1[100], line2[100], line3[100],
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_xaa, xaa+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_yaa, yaa+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_yaa, yaa, nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2457:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_xaa, xaa, nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2503:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_yaa, yaa+cur_ares->max1+1,nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2512:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_xaa, xaa+cur_ares->max0+1,nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3330:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3360:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d%c",op_cnt,up_dp->op_map[op_idx]);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3363:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d",up_dp->op_map[op_idx],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3449:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char op_char[10], ann_ch0, ann_ch1;
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3463:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3577:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%ld:%ld:X%c:%c%c%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3580:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%ld:%ld:%cX:%c%c%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3645:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|X%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3648:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%cX:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3713:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|X%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3716:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%cX:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3783:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%ld:%ld:X%c:%c%c%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3787:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%ld:%ld:%cX:%c%c%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3986:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:4014:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:4046:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:522:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str1[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:523:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str2[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:531:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"join: %d (%.3g), opt: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:534:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join: %d (%.3g)\n; pg_optcut: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:539:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"E-join: %.2g (%.3g), E-opt: %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:542:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join_E(): %.2g (%.3g)\n; pg_optcut_E(): %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:564:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppst->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line1[100], line2[100], line3[100],
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2290:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_xaa, xaa+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2311:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_yaa, yaa+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2495:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_yaa, yaa, nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2504:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_xaa, xaa, nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2550:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_yaa, yaa+cur_ares->max1+1,nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2559:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_xaa, xaa+cur_ares->max0+1,nxyaa);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2878:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%c%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2931:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3272:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3375:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3499:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3746:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3752:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cnt,"%d",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3781:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d%c",op_cnt,up_dp->op_map[op_idx]);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3784:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d",up_dp->op_map[op_idx],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3809:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d**",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3821:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(local_str,"%d",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:3844:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aacmap[64];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char le[MAXLC+1][64];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:689:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str1[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str2[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:698:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"join: %d (%.3g), opt: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:701:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join: %d (%.3g)\n; pg_optcut: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:706:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"E-join: %.2g (%.3g), E-opt: %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:709:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join_E(): %.2g (%.3g)\n; pg_optcut_E(): %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:731:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppst->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2159:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line1[100], line2[100], line3[100],
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2353:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2380:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2521:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1, aa1, cur_ares->v_len);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2575:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+sq_start,cur_ares->v_len);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2797:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2883:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pre_annot1,s_annot1_arr_p[i1_annot], sizeof(struct annot_entry));
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3296:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d%c",op_cnt,up_dp->op_map[op_idx]);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3299:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d",up_dp->op_map[op_idx],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char op_char[10], ann_ch0, ann_ch1;
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3467:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pre_annot1,s_annot1_arr_p[i1_annot], sizeof(struct annot_entry));
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3563:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|X%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3566:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%cX:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3625:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|X%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3628:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%cX:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3696:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|X%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3699:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%cX:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3873:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",ppst->sq[aap],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3899:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",ppst->sq[aap],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3924:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",ppst->sq[aap],i1+1,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aacmap[64];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char le[MAXLC+1][64];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:705:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str1[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str2[128];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:714:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"join: %d (%.3g), opt: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:717:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join: %d (%.3g)\n; pg_optcut: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:722:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"E-join: %.2g (%.3g), E-opt: %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:725:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join_E(): %.2g (%.3g)\n; pg_optcut_E(): %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:747:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppst->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2178:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line1[100], line2[100], line3[100],
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2372:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2399:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2541:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1, aa1, cur_ares->v_len);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2595:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+sq_start,cur_ares->v_len);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_astr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2831:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_astr, "|%c%c:%ld%c%c%ld%c",
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2886:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3122:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",ppst->sq[ap1[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3248:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",sq[ap1[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3369:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d%c;",ppst->sq[ap1[i1]],i1+1,*sp1_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3694:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cnt,"%d",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3727:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d%c",op_cnt,up_dp->op_map[op_idx]);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3730:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%c%d",up_dp->op_map[op_idx],op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3747:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3757:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,"%d**",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3769:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(local_str,"%d",up_dp->p_op_cnt);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:3781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cnt[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pg_str[120];
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psi_str[120];
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str1[128];
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options_str2[128];
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:446:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"join: %d (%0.3g), opt: %d (%0.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:449:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join: %d (%.3g)\n; pg_optcut: %d (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:454:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str1,"E-join: %.2g (%.3g), E-opt: %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:457:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(options_str2,"pg_join_E(): %.2g (%.3g)\n; pg_optcut_E(): %.2g (%.3g)",
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:464:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ppstr->param_u.fa.iniflag) strcat(pstring1[0]," init1");
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:1402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+l_min, l_max - l_min);
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:1448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1,cur_ares->min1);
data/fasta3-36.3.8h.2020-02-11/src/dropnfa.c:1488:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+cur_ares->max1, local_n1);
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pg_str[120];
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psi_str[120];
data/fasta3-36.3.8h.2020-02-11/src/dropnsw.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psi_str[120];
data/fasta3-36.3.8h.2020-02-11/src/faatran.c:215:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aacmap[64]={
data/fasta3-36.3.8h.2020-02-11/src/getenv.c:19:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fenv=fopen("environment","r"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/getopt.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[3];\
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:100:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seq_title[200];
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512],*bp, *bp1, *bpn, *tp;
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:157:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptr=fopen(filen,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:285:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptr=fopen(filen,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:646:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_str[128];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:649:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(err_str,"Cannot allocate 2D pam matrix: %d",d1);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:654:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(err_str,"Cannot allocate 2D pam matrix: %d",d1);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:659:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(err_str,"Cannot allocate 2D pam matrix: %d",d1);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:667:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(err_str,"Cannot allocate 2d pam matrix: %d",d2);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:1209:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppst->pgpfile_type = atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:1393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_str[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:1731:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qline[40];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dline[512];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dline[512];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2764:42: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ppst->pgpfile_type == 0) && (fp=fopen(ppst->pgpfile,"rb"))) {
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2768:47: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((ppst->pgpfile_type == 1) && (fp=fopen(ppst->pgpfile,"r"))) {
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2772:47: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((ppst->pgpfile_type == 2) && (fp=fopen(ppst->pgpfile,"rb"))) {
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3001:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " [+%d/%d]", opt_ptr->i_param1, opt_ptr->i_param2);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3008:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " [%d]", opt_ptr->i_param1); break;
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3010:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " [%d,%d]", opt_ptr->i_param1, opt_ptr->i_param2); break;
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3012:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " [%.4g]", opt_ptr->d_param1); break;
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3014:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " [%.4g,%.4g]", opt_ptr->d_param1, opt_ptr->d_param2); break;
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3038:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_string[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_string[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/last_tat.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline[60];
data/fasta3-36.3.8h.2020-02-11/src/last_tat.c:141:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(bbp->rst),&rst,sizeof(struct rstruct));
data/fasta3-36.3.8h.2020-02-11/src/last_thresh.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char thresh_str[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/last_thresh.c:59:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(thresh_str,"Threshold: E() < %.2g score: %d\n",ppst->e_cut, ppst->repeat_thresh);
data/fasta3-36.3.8h.2020-02-11/src/lav_defs.h:12:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lvstr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ldname[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, tsave[MAX_STR], *tname;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lline[MAX_FN], *llp;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:75:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tptr=fopen(tname,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_STR], *bp;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *chstr[MAX_CH],*chfile[MAX_CH];
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:116:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fch=fopen(flstr,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_FN*2], *bp, *bp1;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *llnames[MAX_LF]; /* pointers into new list of names */
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:220:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fch=fopen(flstr,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_STR], *bp, *bp1;
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[256];
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iname[256];
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[4];
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:95:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lib_type = atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:102:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((libi=fopen(iname,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:199:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:213:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[8];
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:228:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char llibstr0[256];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char llibstr1[256];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char o_line[256];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seq_title[200];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512],*bp;
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:96:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptr=fopen(filen,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:244:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptr=fopen(filen,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:276:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lline[MAXLINE];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:287:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char libn_save[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dfname[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:313:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfile = fopen(dfname,"w");
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rline[10],libn[MAX_FN], *bp;
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:378:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lib_desc[120];
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)aa_save,(void *)seq,n1_save);
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[256];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[256];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iname[256];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[4];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:154:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lib_type = atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:188:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((b_fd = fopen(bname, "w")) == NULL) {
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:278:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((libi=fopen(iname,"w"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:333:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((b_fd=fopen(iname,"w"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:388:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lline[MAXLINE+1];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:400:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((libf=fopen(lname,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:522:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:536:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:552:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[8];
data/fasta3-36.3.8h.2020-02-11/src/mm_file.h:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_text[MAX_FN]; /* text after filename */
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[4];
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[MAX_FN], xbname[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:173:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mm_flag = (m_fd->mmap_fd=open(bname,O_RDONLY) >= 0);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:188:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((libi_b = fopen(xbname,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:212:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mmb_flag=((m_fd->mmap_fd=open(bname,O_RDONLY))>=0);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:279:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mm_flag=((m_fd->mmap_fd=open(sname,O_RDONLY))>=0);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:552:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*l_off = atol(bp+3); /* this addresses an apparent bug in sscanf for non-null terminated strings */
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:611:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, m_fd->mmap_base+m_fd->b_pos_arr[lpos], min(seq_len+1,maxs));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:785:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[20];
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:786:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcg_date[6];
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcg_type[10];
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:985:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, *bp_gid, locus[120], desc[120], acc[120], ver[120];
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[20];
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_str[200];
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline[2048], *qline_p, *bline_p, *bl_ptr, *bp, *bp1, fmt[40];
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name0[80], name0s[80], name1[200];
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_name[128], link_name[140]; /* link name */
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char html_pre_E[120], html_post_E[120];
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&l_aln, &(m_msp->aln),sizeof(struct a_struct));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:396:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (m_msp->nframe > 2) sprintf(&l_name[strlen(l_name)],"_%d",bbp->frame+1);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:401:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,":%d",bbp->mseq->cont-1);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:420:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_str," comp: %.5f H: %.5f",bbp->rst.comp,bbp->rst.H);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline[MAX_BLINE], fmt[40], pad[MAX_BLINE], fmt2[40], rline[40];
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_name[128], link_name[140];
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rel_label[12];
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char score_label[120];
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[20], *seq_code, *annot_str;
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char html_pre_E[120], html_post_E[120];
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:197:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%-%ds (%%4d)",m_msp->aln.llen-r_margin);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:200:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%-%ds (%%4d)",m_msp->aln.llen-(r_margin+4));
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:202:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt2,"%%-%ds",m_msp->aln.llen-r_margin+8);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:436:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gi_num = atoi(bline+3);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:450:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (m_msp->nframe > 2) sprintf(&l_name[strlen(l_name)],"_%d",bbp->frame+1);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:454:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str,":%d",bbp->mseq->cont-1);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:715:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_string[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:117:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sql_file=fopen(sname,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:173:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sql_port=atoi(tp+1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:440:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*libpos=(fseek_t)atol(lm_fd->mysql_row[0]);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:537:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_query[1024], tmp_val[20];
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:572:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"gi|%ld ***Error - query failed***",(long)libpos);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:579:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"gi|%ld ***use result failed***",(long)libpos);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:586:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"gi|%ld ***cannot fetch description***",(long)libpos);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nt_btoa[5] = {"ACGT"};
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[256]; /* .pal, .nal file name */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dname[256]; /* .pin, .nin file for files included from .msk files */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msk_name[256]; /* .msk file name */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[256]; /* .phr, .nhr */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[256]; /* .psq, .nsq */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[256]; /* .pin, .nin file */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:281:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_dir[256]; /* directory where all the files live */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:320:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifile = fopen(lname,"r"))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:369:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifile = fopen(msk_name,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:445:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifile = fopen(tname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:489:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((m_fptr->hfile = fopen(hname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:525:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fptr->mm_flg=((m_fptr->mmap_fd=open(sname,O_RDONLY))>=0);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:558:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((m_fptr->libf = fopen(sname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[256]; /* .pal, .nal file name */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dname[256]; /* .pin, .nin file for files included from .msk files */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msk_name[256]; /* .msk file name */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[256]; /* .phr, .nhr */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[256]; /* .psq, .nsq */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:593:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[256]; /* .pin, .nin file */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:594:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_dir[256]; /* directory where all the files live */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:624:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifile = fopen(lname,"r"); /* it has to open, it did before */
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:671:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifile = fopen(msk_name,RBSTR);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:701:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifile = fopen(tname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:724:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fptr->hfile = fopen(hname,RBSTR);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:748:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fptr->mm_flg=((m_fptr->mmap_fd=open(sname,O_RDONLY))>=0);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:775:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fptr->libf = fopen(sname,RBSTR);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1057:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc[MAX_FADL_ACC_LEN], title[MAX_UID], name[MAX_FADL_ACC_LEN];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1085:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m_fd->tmp_buf,"gi|%d",gi);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq,sptr,seq_len);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1314:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp_amb[4096];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc[MAX_FADL_ACC_LEN], title[MAX_UID], name[MAX_FADL_ACC_LEN];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1405:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m_fd->tmp_buf,"gi|%d",gi);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[2048];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1707:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[5], acc[MAX_FADL_ACC_LEN], name[MAX_FADL_ACC_LEN];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[2048];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1838:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1853:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1866:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1881:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[8];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1901:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[8];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1972:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, abp, at_len);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1976:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, abp, t_len-1);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2025:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char release[20], ver_str[10];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2046:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ver_str,".%d",version);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2128:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(date, "%02d-%02d-%02d", year, month, day);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[40];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2452:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) buffer, (void *) m_fd->mmap_addr, len);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nt_btoa[5] = {"ACGT"};
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aa_btoa[27]= {"-ARNDCQEGHILKMFPSTWYVBZX*"};
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dline[512];
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[256];
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[256];
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[256];
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:84:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tfile = fopen(tname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:93:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tfile = fopen(tname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:119:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hfile = fopen(hname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:124:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfile = fopen(sname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:131:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hfile = fopen(hname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:136:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfile = fopen(sname,RBSTR))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:378:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hline[256], *bp, *bp0;
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:425:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:441:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rline[10], iname[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_text[MAX_FN]; /* save text after ':' */
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char af_name[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc_script[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:233:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
opnflg=((libf=fopen(lib_p->file_name,RBSTR))!=NULL);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:274:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
opnflg=((libf=fopen(lib_p->file_name,RBSTR))!=NULL);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:439:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((libi=fopen(iname,"r"))!=NULL) { /* have a *.xin file, use mmap */
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:536:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
opnflg=((om_fptr->libf=fopen(om_fptr->lb_name,RBSTR))!=NULL);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:933:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, *bp_gid, locus[120], desc[120], acc[120], ver[120];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1029:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, acc[MAX_STR], desc[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[11]; /* Holds Identifier */
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1172:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(libstr,"%-12.12s",id);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[14]; /* Holds Identifier */
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1254:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%-12.12s ",id);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tline[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1540:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[20];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1541:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcg_date[10];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1544:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcg_type[10];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1720:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1812:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc[MAX_SSTR], *acc_p, *bp;
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1835:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1877:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gi_list[acc_cnt++] = atoi(acc_line);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1913:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gi = atoi(libstr);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1936:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:2090:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acc_line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:2134:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gi_list[acc_cnt++] = atoi(acc_line);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:2202:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gi = atoi(libstr);
data/fasta3-36.3.8h.2020-02-11/src/param.h:71:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sq[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/param.h:77:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sqx[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/param.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pamfile[MAX_FN]; /* pam file name */
data/fasta3-36.3.8h.2020-02-11/src/param.h:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pamfile_save[MAX_FN]; /* original pam file */
data/fasta3-36.3.8h.2020-02-11/src/param.h:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pam_name[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/param.h:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgpfile[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/param.h:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libstr[MAX_UID];
data/fasta3-36.3.8h.2020-02-11/src/param.h:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libstr[MAX_UID]; /* repository for libstr */
data/fasta3-36.3.8h.2020-02-11/src/pcomp_subs2.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this_buf_p->hdr,&tmp_buf_head.hdr,sizeof(struct buf2_hdr_s));
data/fasta3-36.3.8h.2020-02-11/src/pcomp_subs2.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this_buf_p->s_cnt_info,&tmp_buf_head.s_cnt_info,sizeof(struct score_count_s));
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:130:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sql_file=fopen(sname,"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:451:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*libpos=(fseek_t)atol(PQgetvalue(res,0,0));
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_query[1024], tmp_val[20];
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:566:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"gi|%ld ***Error - query failed***",(long)libpos);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:576:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"gi|%ld ***use result failed***",(long)libpos);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libstr[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qname[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:117:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pst.pgpfile_type == 0) && (fp=fopen(pst.pgpfile,"rb"))) {
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:120:45: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((pst.pgpfile_type == 1) && (fp=fopen(pst.pgpfile,"r"))) {
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:123:45: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((pst.pgpfile_type == 2) && (fp=fopen(pst.pgpfile,"rb"))) {
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:144:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppst->pgpfile_type = atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:557:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dline[512];
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[64];
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:1733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_SSTR], acc[MAX_SSTR], descr[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/randtest.c:15:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else n = atoi(argv[1]);
data/fasta3-36.3.8h.2020-02-11/src/re_getlib.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libstr[MAX_UID];
data/fasta3-36.3.8h.2020-02-11/src/re_getlib.c:83:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa1,&aa1[n1-loff],loff);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libstr[13];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_gstring2[MAX_STR]; /* string for label */
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_gstring3[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_hstring1[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libstr[MAX_UID], *bp;
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin_file[80];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:171:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin=fopen(argv[iarg],"r"))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:176:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (bin_file[0]!='\0' && ((bout=fopen(bin_file,"w"))==NULL)) {
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:216:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((bp=strchr(line,'|'))!=NULL) qsfnum = atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:219:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n0 = atoi(bp+1);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hline[80], pch, *bp;
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:430:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hline[10]," one = represents %d library sequences",dotsiz);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:434:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hline[10]," inset = represents %d library sequences",ddotsiz);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bline[200], fmt[40], pad[200];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rline[20];
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:493:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%-%ds (%%3d)",llen-10);
data/fasta3-36.3.8h.2020-02-11/src/sc_to_e.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rho_str[32]; /* used for simplifying output label */
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:505:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (ppst->zs_win > 0) {sprintf(s_string,"(shuffled [%d], win: %d)",nstats,ppst->zs_win);}
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:506:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (ppst->shuffle_dna3) { sprintf(s_string,"(shuffled3 [%d])",nstats);}
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:507:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else { sprintf(s_string,"(shuffled [%d])",nstats);}
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:597:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d], win: %d)",nstats,ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:599:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d])",nstats);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:699:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f_string,"Altschul/Gish params: n0: %d Lambda: %5.3f K: %5.3f H: %5.3f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:790:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d], win: %d)",nstats,ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:793:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d])",nstats);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:831:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:841:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d], win: %d)",nstats,ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:844:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d])",nstats);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:878:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f_string, "MLE_cen statistics: Lambda= %6.4f; K=%6.4g (cen=%d)",
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:898:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128], ex_string[64];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:906:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d], win: %d)",nstats,ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:908:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d])",nstats);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:930:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ex_string,"composition = -1 for %d sequences",nneg);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:1573:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:1694:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d], win: %d)",nstats,ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:1697:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled [%d])",nstats);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:3106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstat_buf[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:342:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled, win: %d)",ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:365:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_string[128];
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:454:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_string,"(shuffled, win: %d)",ppst->zs_win);
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1293:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(histp->stat_info,"scaled Tatusov statistics (%d): tat_a: %6.4f tat_b: %6.4f tat_c: %6.4f",
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1298:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(histp->stat_info,"Space_factor %.4g scaled statistics",
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:1536:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstat_buf[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/structs.h:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stat_info[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/structs.h:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgm_name[MAX_FN]; /* program name from argv[0] */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:84:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ann_arr[MAX_FN]; /* annotation characters */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ann_arr_def[MAX_FN]; /* definitions of ann_arr characters */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_FN]; /* Query sequence name */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[MAX_LSTR]; /* Library file name */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_lname[MAX_LSTR]; /* link-library name */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot0_sname[MAX_LSTR]; /* query annotation script name */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot1_sname[MAX_LSTR]; /* library annotation script name */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtitle[MAX_STR]; /* query title */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ltitle[MAX_STR]; /* library title */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flstr[MAX_FN]; /* FASTLIBS string */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfile[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/structs.h:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label [MAX_SSTR]; /* Output label, "opt", "s-w", "initn init1", "initn opt" */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alabel[MAX_SSTR]; /* Output label, "Smith-Waterman", "banded Smith-Waterman", etc */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_id0[4]; /* function id for markx==10 */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_id1[4]; /* function id for markx==10 */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqnam[4]; /* "aa" or "nt" */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqtype[10]; /* "DNA" or "protein" */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alab[3][24]; /* labels for alignment scores */
data/fasta3-36.3.8h.2020-02-11/src/structs.h:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dfile [MAX_FN]; /* file for dumping scores to */
data/fasta3-36.3.8h.2020-02-11/src/tatstats.c:295:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newtat, f_str->tatprobs[index], sizeof(struct tat_str));
data/fasta3-36.3.8h.2020-02-11/src/tatstats.c:303:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newtat->probs, f_str->tatprobs[index]->probs,
data/fasta3-36.3.8h.2020-02-11/src/tatstats.c:495:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &probs[oldtat->lowscore - lowscore],
data/fasta3-36.3.8h.2020-02-11/src/tatstats.c:558:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probs, newprobs, (N + 1) * sizeof(double));
data/fasta3-36.3.8h.2020-02-11/src/thr_buf_structs.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_lib_range[MAX_SSTR];
data/fasta3-36.3.8h.2020-02-11/src/upam.h:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abbrev[6]; /* argument name */
data/fasta3-36.3.8h.2020-02-11/src/upam.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10]; /* canonical name */
data/fasta3-36.3.8h.2020-02-11/src/upam.h:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pssm_aa[26] = {"\0ARNDCQEGHILKMFPSTWYVBZX*"};
data/fasta3-36.3.8h.2020-02-11/src/upam.h:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char othx[MAXSQ+1] = {"OUou\0"};
data/fasta3-36.3.8h.2020-02-11/src/upam.h:678:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nt[MAXSQ+1] ={"\0ACGTURYMWSKDHVBNXACGTURYMWSKDHVBNX\0"};
data/fasta3-36.3.8h.2020-02-11/src/upam.h:679:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntx[MAXSQ+1]={"\0ACGTURYMWSKDHVBNXacgturymwskdhvbnx\0"};
data/fasta3-36.3.8h.2020-02-11/src/upam.h:680:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntc[MAXSQ+1]={"\0TGCAAYRKWSMHDBVNXtgcaayrkwsmhdbvnx\0"};
data/fasta3-36.3.8h.2020-02-11/src/upam.h:831:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char pssm_aa[26];
data/fasta3-36.3.8h.2020-02-11/src/upam.h:832:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char othx[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/upam.h:833:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char nt[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/upam.h:834:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ntx[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/upam.h:835:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ntc[MAXSQ+1];
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_q_name[200], my_l_name[200], json_l_name[200];
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pgm[10], o_pgm[10], lib[MAX_LSTR];
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_STR];
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:374:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(*sp > 'z')) { sprintf(dp,"%%%02x",*sp); dp += 3;}
data/fasta3-36.3.8h.2020-02-11/src/wm_align.c:210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1,cur_ares->min1);
data/fasta3-36.3.8h.2020-02-11/src/wm_align.c:243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_aa1,aa1+cur_ares->max1,n1-cur_ares->max1);
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_lib_range[MAX_FN];
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:145:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *aa0[6], *aa0s;
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:262:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(my_ppst,work_info->ppst,sizeof(struct pstruct));
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:301:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_lib_range," (range: %d-%d)",my_ppst->n1_low,my_ppst->n1_high);}
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:303:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_lib_range," (range: >%d)",my_ppst->n1_low);}
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:305:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info_lib_range," (range: <%d)",my_ppst->n1_high);}
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:368:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aa0[0],work_info->aa0,n0+1);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:101:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SAFE_STRNCAT(ppst->pam_name,"-MS",MAX_FN-strlen(ppst->pam_name));
data/fasta3-36.3.8h.2020-02-11/src/apam.c:117:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(line); i++) {
data/fasta3-36.3.8h.2020-02-11/src/apam.c:251:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ppst->pam_name,std_pam_p->name,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:254:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(ppst->pam_name,"-MS",MAX_FN-strlen(ppst->pam_name)-1);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:254:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(ppst->pam_name,"-MS",MAX_FN-strlen(ppst->pam_name)-1);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:297:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ppst->pam_name,std_pam_p->name,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:299:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(ppst->pam_name,"-MS",MAX_FN-strlen(ppst->pamfile)-1);
data/fasta3-36.3.8h.2020-02-11/src/apam.c:299:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(ppst->pam_name,"-MS",MAX_FN-strlen(ppst->pamfile)-1);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:154:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_ares_p->aln_code_n = seq_code_len = strlen(seq_code);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:165:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_code_len = strlen(align_code_dyn->string);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:173:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
annot_str_len = strlen(annot_str_dyn->string);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:194:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
annot_str_len = strlen(annot_str_dyn->string);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:212:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cur_ares_p->annot_var_id = (char *)calloc(strlen(annot_str_dyn->string)+2, sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:214:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__FILE__, __LINE__, (int)strlen(annot_str_dyn->string)+2);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:217:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cur_ares_p->annot_var_id,annot_str_dyn->string,strlen(annot_str_dyn->string)+2);
data/fasta3-36.3.8h.2020-02-11/src/build_ares.c:217:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(cur_ares_p->annot_var_id,annot_str_dyn->string,strlen(annot_str_dyn->string)+2);
data/fasta3-36.3.8h.2020-02-11/src/c_dispn.c:270:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
digit_len = strlen(digit_tmp);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:649:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:699:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:719:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:937:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, op, sim_code, sp0, sp1);
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:993:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 2, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:1017:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 1, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/cal_cons.c:1045:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
close_update_data(al_str, al_str_n-strlen(al_str), update_data_p);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:509:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msg.pgm_name,bp+1,sizeof(m_msg.pgm_name));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:512:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msg.pgm_name,argv[0],sizeof(m_msg.pgm_name));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:655:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info_qlabel,m_msg.qtitle,sizeof(info_qlabel));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:731:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
re_ascii(qascii,pascii,strlen((char *)&m_msg.ann_arr[1]));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:761:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (m_msg.lname) == 0) {
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:875:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msg.ltitle,m_msg.lname,sizeof(m_msg.ltitle));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:956:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng = (int)strlen(m_msg.qtitle);
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:968:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp_str) + leng + 1> sizeof(m_msg.qtitle)) {
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:969:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng = sizeof(m_msg.qtitle) - strlen(tmp_str) - 1;
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:1269:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (rline[0]!='\0') strncpy(m_msg.outfile,rline,sizeof(m_msg.outfile));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:1844:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info_qlabel, m_msg.qtitle,sizeof(info_qlabel));
data/fasta3-36.3.8h.2020-02-11/src/comp_lib9.c:2542:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_mseq_p->libstr,getlib_info->libstr,MAX_UID); /* get old libstr for lcont>0 */
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:217:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int)strlen(str); i++) aaray[qascii[str[i]]]=1;
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:232:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, dest_size);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:237:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(dest) < dest_size-1 && bp != NULL ) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:240:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, last_src, dest_size);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:245:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(dest, "$", dest_size - strlen(dest) -1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:245:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dest, "$", dest_size - strlen(dest) -1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:258:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dest, getenv(bp+2), dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:258:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dest, getenv(bp+2), dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:271:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dest, last_src, dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:271:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dest, last_src, dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:507:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str,(m_msp->qframe==1)? " (forward-only)" : "\0",sizeof(tmp_str));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:660:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tstr1,ctime(&tdstart),sizeof(tstr1));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:661:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tstr2,ctime(&tddone),sizeof(tstr1));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1035:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl_len = strlen(bline);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1038:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bbp->mseq->bline, bline, bl_len);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1422:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_acc_file,bp,sizeof(link_acc_file));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1429:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_lib_file,link_acc_file,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1468:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_script,link_bp,sizeof(link_script));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1557:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lib_db_file,bp,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1564:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib_db_str_len = strlen(lib_db_file)+1;
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1576:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib_db_str_len += (strlen(bp+1)+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1582:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lib_db_script,lib_bp,sizeof(lib_db_script));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1714:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(annot_bline_file,bp,sizeof(annot_bline_file));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1721:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(annot_descr_file,annot_bline_file,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1733:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(bestp_arr[i]->mseq->bline) > DESCR_OFFSET) &&
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1829:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp_line[0] != '>' || strncmp(&tmp_line[1], bestp_arr[i]->mseq->bline, strlen(&tmp_line[1])) != 0) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1947:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_comment,bp+1,sizeof(tmp_comment));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1964:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmp_ann_entry_arr[n_annot].comment=(char *)calloc(strlen(tmp_comment)+1,sizeof(char)))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1965:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_ann_entry_arr[n_annot].comment,tmp_comment,strlen(tmp_comment));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:1965:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp_ann_entry_arr[n_annot].comment,tmp_comment,strlen(tmp_comment));
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2121:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)ann_arr) >= MAX_FN) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2127:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ann_arr[i_ann=strlen((char *)ann_arr)] = ctmp_label; /* add the character */
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:2181:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(bline_descr) > DESCR_OFFSET) &&
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3757:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_len = strlen(value);
data/fasta3-36.3.8h.2020-02-11/src/compacc2.c:3777:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_len = strlen(value);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:219:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int)strlen(str); i++) aaray[qascii[str[i]]]=1;
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:234:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, dest_size);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:239:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(dest) < dest_size-1 && bp != NULL ) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:242:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, last_src, dest_size);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:247:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(dest, "$", dest_size - strlen(dest) -1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:247:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dest, "$", dest_size - strlen(dest) -1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:260:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dest, getenv(bp+2), dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:260:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dest, getenv(bp+2), dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:273:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dest, last_src, dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:273:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dest, last_src, dest_size - strlen(dest) - 1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:509:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str,(m_msp->qframe==1)? " (forward-only)" : "\0",sizeof(tmp_str));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:674:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tstr1,ctime(&tdstart),sizeof(tstr1));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:675:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tstr2,ctime(&tddone),sizeof(tstr1));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1048:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl_len = strlen(bline);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1051:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bbp->mseq->bline, bline, bl_len);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1435:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_acc_file,bp,sizeof(link_acc_file));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1442:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_lib_file,link_acc_file,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1481:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_script,link_bp,sizeof(link_script));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1576:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lib_db_file,bp,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1583:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib_db_str_len = strlen(lib_db_file)+1;
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1595:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib_db_str_len += (strlen(bp+1)+1);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1601:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lib_db_script,lib_bp,sizeof(lib_db_script));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1740:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(annot_bline_file,bp,sizeof(annot_bline_file));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1747:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(annot_descr_file,annot_bline_file,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1760:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(bestp_arr[i]->mseq->bline) > DESCR_OFFSET) &&
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:1869:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp_line[0] != '>' || strncmp(&tmp_line[1], bestp_arr[i]->mseq->bline, strlen(&tmp_line[1])) != 0) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2000:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_comment,bp+1,sizeof(tmp_comment));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2034:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmp_ann_entry_arr[n_annot].comment=(char *)calloc(strlen(tmp_comment)+1,sizeof(char)))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2035:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_ann_entry_arr[n_annot].comment,tmp_comment,strlen(tmp_comment));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2035:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp_ann_entry_arr[n_annot].comment,tmp_comment,strlen(tmp_comment));
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2147:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)ann_arr) >= MAX_FN) {
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2153:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ann_arr[i_ann=strlen((char *)ann_arr)] = ctmp_label; /* add the character */
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:2208:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(bline_descr) > DESCR_OFFSET) &&
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:3837:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_len = strlen(value);
data/fasta3-36.3.8h.2020-02-11/src/compacc2e.c:3857:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_len = strlen(value);
data/fasta3-36.3.8h.2020-02-11/src/defs.h:25:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define SAFE_STRNCPY(dest,src,dest_len) strncpy(dest,src,dest_len); dest[dest_len-1]='\0'
data/fasta3-36.3.8h.2020-02-11/src/defs.h:26:39: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define SAFE_STRNCAT(str,cat,str_len) strncat(str,cat,str_len-strlen(str)-1)
data/fasta3-36.3.8h.2020-02-11/src/defs.h:26:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SAFE_STRNCAT(str,cat,str_len) strncat(str,cat,str_len-strlen(str)-1)
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:227:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prog_name,argv[0],sizeof(prog_name));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:259:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->flstr,cptr,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:330:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(m_msp->sqnam,"aa",4);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:331:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(m_msp->sqtype,"protein",10);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:376:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->link_lname, optarg, MAX_LSTR);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:394:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->flstr,optarg,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:411:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->outfile,optarg,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:421:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (m_msp->dfile, optarg, MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:448:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->annot0_sname,optarg+1,MAX_LSTR);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:452:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->annot1_sname,optarg,MAX_LSTR);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:456:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)m_msp->ann_arr+1,optarg,MAX_FN-2);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:459:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_msp->ann_arr_n = strlen((char *)m_msp->ann_arr+1);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:463:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)m_msp->ann_arr) > 0) {
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:501:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (argc - optind > 1) {strncpy (m_msp->tname, argv[optind + 1],MAX_FN);}
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:502:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (argc - optind > 2) {strncpy(m_msp->lname, argv[optind + 2],MAX_LSTR);}
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:613:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_ann = strlen((char *)m_msp->ann_arr);
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:625:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_msp->ann_arr_def[i_ann]=(char *)calloc(strlen(bp+1)+1,sizeof(char)))!=NULL) {
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:627:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_msp->ann_arr_def[i_ann], bp+1,strlen(bp+1));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:627:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(m_msp->ann_arr_def[i_ann], bp+1,strlen(bp+1));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:660:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)m_msp->ann_arr)>1) m_msp->ann_flg = 1;
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:781:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmp_markx->out_file = calloc(strlen(bp+1)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:785:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_markx->out_file, bp+1, strlen(bp+1));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:785:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp_markx->out_file, bp+1, strlen(bp+1));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:990:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
this_opt->s_param = (char *)calloc(strlen(s_param)+1,sizeof(char));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:991:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this_opt->s_param,s_param,strlen(s_param));
data/fasta3-36.3.8h.2020-02-11/src/doinit.c:991:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(this_opt->s_param,s_param,strlen(s_param));
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2094:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&line1[len], (const char *)&dna_p1[y], i);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2102:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&line2[len], tmp, i);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2112:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&line3[len], tmp, i);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2128:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line1, &line1[WIDTH], sizeof(line1)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2129:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line2, &line2[WIDTH], sizeof(line2)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:2130:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line3, &line3[WIDTH], sizeof(line3)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3334:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3381:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3383:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3393:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3418:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3557:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 0, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3602:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 2, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3665:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 3, sim_code,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3733:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 3, sim_code,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3741:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 4, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3805:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 3, sim_code,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3821:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 5, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfx.c:3835:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
close_update_data(al_str, al_str_n-strlen(al_str), update_data_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2145:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&line1[len], (const char *)&dna_p1[y], i);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2154:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&line2[len], tmp, i);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2164:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&line3[len], tmp, i);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2177:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line1, &line1[WIDTH], sizeof(line1)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2178:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line2, &line2[WIDTH], sizeof(line2)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfx2.c:2179:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line3, &line3[WIDTH], sizeof(line3)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2213:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line1, &line1[WIDTH], sizeof(line1)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2214:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line2, &line2[WIDTH], sizeof(line2)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:2215:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line3, &line3[WIDTH], sizeof(line3)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3270:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3317:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3319:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3329:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3354:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(al_str,tmp_cnt,al_str_max);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3485:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 0, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3519:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 2, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3645:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 3, sim_code,sp0,sp1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3653:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 4, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3722:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
update_code(al_str, al_str_n-strlen(al_str), update_data_p, 5, sim_code,'-','-');
data/fasta3-36.3.8h.2020-02-11/src/dropfz2.c:3731:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
close_update_data(al_str, al_str_n-strlen(al_str), update_data_p);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2232:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line1, &line1[WIDTH], sizeof(line1)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2233:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line2, &line2[WIDTH], sizeof(line2)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropfz3.c:2234:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line3, &line3[WIDTH], sizeof(line3)-1);
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:663:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pg_str,"Smith-Waterman (Altivec/VMX, Erik Lindahl 2004)",sizeof(pg_str));
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:666:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pg_str,"Smith-Waterman (SSE2, Michael Farrar 2006)",sizeof(pg_str));
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:669:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pg_str,"Smith-Waterman (PGopt)",sizeof(pg_str));
data/fasta3-36.3.8h.2020-02-11/src/dropgsw2.c:672:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (ppst->pam_pssm) { strncpy(psi_str,"-PSI",sizeof(psi_str));}
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:509:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pg_str, pg_desc, sizeof(pg_str));
data/fasta3-36.3.8h.2020-02-11/src/dropnnw2.c:511:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (ppst->pam_pssm) { strncpy(psi_str,"-PSI",sizeof(psi_str));}
data/fasta3-36.3.8h.2020-02-11/src/dropnsw.c:264:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (ppst->pam_pssm) { strncpy(psi_str,"-PSI",sizeof(psi_str));}
data/fasta3-36.3.8h.2020-02-11/src/getenv.c:25:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esize -= (i=strlen(esptr)+1);
data/fasta3-36.3.8h.2020-02-11/src/getenv.c:36:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (eptr=envstr; *eptr; eptr += strlen(eptr)+1) {
data/fasta3-36.3.8h.2020-02-11/src/getenv.c:37:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(str,eptr,(long)strlen(str))==0) {
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:172:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_title,line+1,sizeof(seq_title));
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:175:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,line+1,12);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:184:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(line);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:187:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(line);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:194:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (bp!=NULL) strncpy(libstr,bp,12);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:195:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(libstr,filen,12);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:200:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (libstr[0]=='\0') strncpy(libstr,filen,12);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:204:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_format==GCG_FORMAT && strlen(line)<l_offset) continue;
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:233:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(line);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:236:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(line);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:239:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<l_offset) continue;
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:257:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filen[strlen(filen)]=':';
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:277:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title,seq_title,len);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:279:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)strlen(title);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:291:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sset==1) filen[strlen(filen)]=':';
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:308:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title,line,len);
data/fasta3-36.3.8h.2020-02-11/src/getseq.c:311:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(title);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:1195:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
re_ascii(qascii,nascii,strlen((char *)m_msg->ann_arr+1));
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:1248:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
re_ascii(qascii,nascii,strlen((char *)m_msg->ann_arr+1));
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:2114:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns = strlen((const char *)aap);
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3057:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(common_opts); i++) {
data/fasta3-36.3.8h.2020-02-11/src/initfa.c:3178:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(sorted_list); i++) {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:86:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ldname,&tsave[1],sizeof(ldname));
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:109:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(flstr)> (size_t)0) {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:133:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((k=strlen(line))>chlen) break;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:136:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(chstr[j]=chtmp,line,chlen);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:139:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((k=strlen(bp))>chlen) break;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:140:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(chfile[j]=chtmp,bp,chlen);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:150:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)==0) goto l2;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:151:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lname,line,nl);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:158:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)> (size_t)0) strncpy(lname,line,nl);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:158:34: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strlen(line)> (size_t)0) strncpy(lname,line,nl);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:194:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lname) > (size_t)1 && *lname != '%' && *lname != '+') {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:219:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(flstr) > (size_t)0) {
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:239:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ltitle,line,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:242:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltmp = strlen(ltitle);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:243:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(ltitle,",\n ",MAX_STR-ltmp);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:244:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ltitle,line,MAX_STR-ltmp-4);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:259:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ltitle,line,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:262:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltmp = strlen(ltitle);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:263:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(ltitle,",\n ",MAX_STR-ltmp);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:264:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ltitle,line,MAX_STR-ltmp-4);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:293:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (env != NULL && *env != '\0') lenv = strlen(env)+1;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:296:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(fname)+1+lenv;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:299:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tname,env,sizeof(tname)-1);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:301:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tname,"/");
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:310:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tname,fname,sizeof(tname)-strlen(tname)-1);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:310:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tname,fname,sizeof(tname)-strlen(tname)-1);
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:311:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(tname)+1;
data/fasta3-36.3.8h.2020-02-11/src/lib_sel.c:317:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lbptr,tname,len);
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:87:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (argc > 1) strncpy(lname, argv[1],sizeof(lname));
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:242:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nname,oname,maxn-1);
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:243:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(nname,".",1);
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:244:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(nname,suff,maxn-strlen(nname));
data/fasta3-36.3.8h.2020-02-11/src/list_db.c:244:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(nname,suff,maxn-strlen(nname));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:109:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(llibstr1,o_line,sizeof(llibstr1));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:110:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,o_line,n_libstr);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:116:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filen[strlen(filen)]=':';
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:125:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(o_line,line,sizeof(o_line));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:137:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_title,line+1,sizeof(seq_title));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:138:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(llibstr0,line+1,sizeof(llibstr0));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:142:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,line+1,n_libstr);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:159:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(line);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:162:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(line);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:168:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,line,n_libstr);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:173:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_format==GCG_FORMAT && strlen(line)<l_offset) continue;
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:183:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(o_line,line,sizeof(o_line));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:233:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title,llibstr0,len);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:236:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title,llibstr1,len);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:239:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(title);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:250:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sset==1) filen[strlen(filen)]=':';
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:267:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title,line,len);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:270:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(title);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:311:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dfname,m_msg.dfile,sizeof(dfname));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:329:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libn_save,lname,sizeof(libn_save));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:338:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_fptr->lb_name,lname,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:390:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lib_desc,n_libstr);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:399:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)calloc(strlen(lib_desc)+1,sizeof(char)))== NULL) {
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:401:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(lib_desc)+1);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:404:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (desc_save,lib_desc,strlen(lib_desc));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:404:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (desc_save,lib_desc,strlen(lib_desc));
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:405:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
desc_save[strlen(lib_desc)]=='\0';
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:412:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,desc_save,n_libstr);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:448:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,llibstr1+1,cnt);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:451:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,llibstr1,cnt);
data/fasta3-36.3.8h.2020-02-11/src/llgetaa.c:455:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,desc_save,cnt);
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:146:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (argc > 1) strncpy(lname, argv[1],sizeof(lname));
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:570:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nname,oname,maxn-1);
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:571:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(nname,".",1);
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:572:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(nname,suff,maxn-strlen(nname));
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:572:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(nname,suff,maxn-strlen(nname));
data/fasta3-36.3.8h.2020-02-11/src/map_db.c:583:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_sq_map = strlen(sq_map+1) + 1;
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:531:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,desc,n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:609:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(libstr,"",n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:635:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,m_fd->mmap_base+m_fd->d_pos_arr[lpos]+1,llen);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:743:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,mp+4,20);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:750:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (llen > cnt-strlen(str)) llen = cnt-strlen(str)-1;
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:750:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (llen > cnt-strlen(str)) llen = cnt-strlen(str)-1;
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:752:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str,bp+1,llen);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:940:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,m_fd->mmap_base+m_fd->d_pos_arr[lpos]+12,12);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:988:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(locus,&lm_fd->mmap_addr[12],sizeof(locus));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1026:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(libstr,"gi|",n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1027:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,bp_gid,n_libstr-4);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1028:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(libstr,"|gb|",n_libstr-20);
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1036:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,&ver[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1036:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,&ver[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1037:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(libstr,"|",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1037:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,"|",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1040:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,&acc[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1040:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,&acc[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1041:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(libstr," ",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1041:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr," ",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1044:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,locus,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1044:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,locus,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1045:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,&desc[11],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mmgetaa.c:1045:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,&desc[11],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:202:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qline_p) > 0) {
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:346:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bline)==0) {
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:362:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ttmp_len = strlen(bline_p);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:396:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_msp->nframe > 2) sprintf(&l_name[strlen(l_name)],"_%d",bbp->frame+1);
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:402:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SAFE_STRNCAT(l_name,tmp_str,sizeof(l_name)-strlen(l_name));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:571:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((annot_var_s10=(char *)calloc(strlen(annot_var_dyn->string)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:573:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__FILE__,__LINE__,(int)strlen(annot_var_dyn->string));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:577:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SAFE_STRNCPY(annot_var_s10,annot_var_dyn->string,strlen(annot_var_dyn->string));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:613:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max(strlen(seqc0),strlen(seqc1)) > nc) {
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:613:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max(strlen(seqc0),strlen(seqc1)) > nc) {
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:615:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nc,maxc,strlen(seqc0),strlen(seqc1));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:615:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nc,maxc,strlen(seqc0),strlen(seqc1));
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:679:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (annot_var_dyn->string[strlen(annot_var_dyn->string)-1] != '\n') {
data/fasta3-36.3.8h.2020-02-11/src/mshowalign2.c:680:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
annot_var_dyn->string[strlen(annot_var_dyn->string)-1] = '\n';
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:188:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(html_pre_E,"<font color=\"darkred\">",sizeof(html_pre_E));
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:189:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(html_post_E,"</font>",sizeof(html_post_E));
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:367:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bline,bbp->mseq->bline,m_msp->aln.llen);
data/fasta3-36.3.8h.2020-02-11/src/mshowbest.c:450:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_msp->nframe > 2) sprintf(&l_name[strlen(l_name)],"_%d",bbp->frame+1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:113:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str,sname+1,tmp_str_len);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:154:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sql_db=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:156:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:248:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sql_do = calloc(strlen(bps)+1, sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:249:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," cannot allocate %d for sql_do\n",(int)strlen(bps));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:284:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_query=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:286:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:305:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_getdesc=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:307:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:325:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_getseq=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:327:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:331:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bps) > 0) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:344:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_close_tables=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:346:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:474:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lm_fd->mysql_row[0],MAX_UID-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:482:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lm_fd->mysql_row[2],n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:485:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lm_fd->mysql_row[0],n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:553:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_query,lm_fd->sql_getdesc,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:590:36: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (lm_fd->mysql_row[1] != NULL) strncpy(str,lm_fd->mysql_row[1],cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:591:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(str,lm_fd->mysql_row[0],cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:593:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(str) < cnt-1 &&
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:595:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(str," ",cnt-2-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:595:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str," ",cnt-2-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:597:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str,lm_fd->mysql_row[1],cnt-2-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:597:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str,lm_fd->mysql_row[1],cnt-2-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/mysql_lib.c:619:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_query,lm_fd->sql_getseq,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:935:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp = fgetc(m_fptr->libf);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1747:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] != '\0' && strcmp(name,"BL_ORD_ID")!=0) sprintf(descr+strlen(descr),"%s ", name);
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:1759:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= cnt-1) break;
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2052:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(acc,ver_str,acc_len-strlen(acc));
data/fasta3-36.3.8h.2020-02-11/src/ncbl2_mlib.c:2052:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(acc,ver_str,acc_len-strlen(acc));
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:233:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp=(long)fgetc(sfile); /* skip the null byte */
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:295:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp=fgetc(sfile); /* skip the null byte */
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:314:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp=fgetc(sfile); /* skip the null byte */
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:398:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str+11,bp+1,cnt-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:398:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str+11,bp+1,cnt-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:404:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str+1,hline,cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:406:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(str,hline,cnt);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:484:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (oname[0]=='@') strncpy(nname,&oname[1],maxn);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:485:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(nname,oname,maxn);
data/fasta3-36.3.8h.2020-02-11/src/ncbl_lib.c:489:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(nname,suff,maxn);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:222:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(opt_text,bp+1,sizeof(opt_text));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:238:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(acc_script, bp, sizeof(acc_script)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:388:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(f_line)==0) return NULL;
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:415:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_fptr->opt_text,opt_text,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:595:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lm_fd->lline+lm_fd->acc_off,n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:620:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lm_fd->lline)<MAX_STR/2)
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:621:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR/2,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:663:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lm_fd->lline,(char *)seqp,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:667:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:667:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:670:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lm_fd->lline[strlen(lm_fd->lline)-1]='\n';
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:705:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,lm_fd->lline+lm_fd->acc_off,cnt);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:755:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lm_fd->lline+lm_fd->acc_off,n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:765:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lm_fd->lline)<MAX_STR/2)
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:766:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR/2,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:796:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lm_fd->lline,(char *)seqp,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:800:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:800:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:803:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lm_fd->lline[strlen(lm_fd->lline)-1]='\n';
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:826:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,lm_fd->lline+lm_fd->acc_off,cnt);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:868:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:873:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,&lm_fd->lline[12],12);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:884:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:896:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:917:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:936:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(locus,&lm_fd->lline[12],sizeof(locus));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:974:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(libstr,"gi|",n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:975:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,bp_gid,n_libstr-4);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:976:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(libstr,"|gb|",n_libstr-20);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:984:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,&ver[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:984:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,&ver[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:985:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(libstr,"|",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:985:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,"|",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:988:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,&acc[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:988:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,&acc[12],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:989:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(libstr," ",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:989:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr," ",n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:992:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,locus,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:992:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,locus,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:993:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,&desc[11],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:993:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,&desc[11],n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1033:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1040:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1071:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,&lm_fd->lline[16],8);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1126:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,&lm_fd->lline[16],8);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1131:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&str[8],&lm_fd->lline[16],cnt-9);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1169:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1185:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1199:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1221:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1251:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1256:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1259:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str+12,&lm_fd->lline[5],cnt-11);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1266:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1298:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,lm_fd->lline+1,12);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1326:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
new: strncpy(lm_fd->lline,(char *)seqp,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1329:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(lm_fd->lline,MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1363:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tline,lm_fd->lline+1,sizeof(tline));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1374:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,lm_fd->lline,cnt);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1376:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(str," ",cnt-strlen(str)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1376:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str," ",cnt-strlen(str)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1377:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str,tline,cnt-strlen(str)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1377:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str,tline,cnt-strlen(str)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1410:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1414:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,&lm_fd->lline[4],12);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1420:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1423:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(libstr," ");
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1424:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,lm_fd->lline,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1424:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,lm_fd->lline,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1433:31: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag && (ich=getc(lm_fd->libf))!=LFCHAR) ungetc(ich,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lm_fd->lline,(char *)seqp,MAX_STR);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1459:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1459:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR-strlen(lm_fd->lline),lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1460:31: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag && (ich=getc(lm_fd->libf))!=LFCHAR) ungetc(ich,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1466:29: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag && (ich=getc(lm_fd->libf))!=LFCHAR) ungetc(ich,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1493:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1498:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,&lm_fd->lline[4],cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1509:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1517:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(str," ",(size_t)1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1518:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str,llp,(size_t)cnt-strlen(str)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1518:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str,llp,(size_t)cnt-strlen(str)-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1526:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lm_fd->lfflag) getc(lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1569:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lm_fd->lline)<MAX_STR/2)
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1570:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)],MAX_STR/2,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1572:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fgets(&lm_fd->lline[strlen(lm_fd->lline)-MAX_STR/2],MAX_STR/2,lm_fd->libf);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1579:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(libstr," ",1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1580:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(libstr,lm_fd->lline,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1580:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(libstr,lm_fd->lline,n_libstr-1-strlen(libstr));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1634:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,&lm_fd->lline[4],cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1663:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(str," ",(size_t)1);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1664:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str,bp1,(size_t)cnt-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1664:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(str,bp1,(size_t)cnt-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1665:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
if (bp1!=llp) strncat(str,llp,(size_t)cnt-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1665:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bp1!=llp) strncat(str,llp,(size_t)cnt-strlen(str));
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:1798:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
acc_buff_p += strlen(acc_buff_p)+1;
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:2017:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
acc_buff_p += strlen(acc_buff_p)+1;
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:2267:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn_len = strlen(f_name);
data/fasta3-36.3.8h.2020-02-11/src/nmgetlib.c:2274:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(alloc_f_name,f_name,fn_len);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:126:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str,sname+1,tmp_str_len);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:164:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sql_db=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:166:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:257:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sql_do = calloc(strlen(bps)+1, sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:258:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," cannot allocate %d for sql_do\n",(int)strlen(bps));
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:297:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_query=calloc(strlen(bps)+41,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:299:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:304:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(m_fptr->sql_query,"DECLARE next_seq CURSOR FOR ",40);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:319:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_getdesc=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:321:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:339:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((m_fptr->sql_getseq=calloc(strlen(bps)+1,sizeof(char)))==NULL) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:341:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(bps),bps);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:345:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bps) > 0) {
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:468:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,PQgetvalue(res,0,0),MAX_UID-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:476:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,PQgetvalue(res,0,2),n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:479:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libstr,PQgetvalue(res,0,0),n_libstr-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:546:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_query,lm_fd->sql_getdesc,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:580:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (PQgetvalue(res,0,1)!= NULL) strncpy(str,PQgetvalue(res,0,1),cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:581:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(str,PQgetvalue(res,0,0),cnt-1);
data/fasta3-36.3.8h.2020-02-11/src/pgsql_lib.c:612:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_query,lm_fd->sql_getseq,sizeof(tmp_query));
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:81:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ppst->pamfile,"BP62",MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:146:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ppst->pgpfile,optarg,MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:152:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ppst->pamfile, optarg, 120);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:163:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (argc - optind > 1) strncpy(qname, argv[optind+1], MAX_FN);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:592:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ppst->pamfile, "BP62", 120);
data/fasta3-36.3.8h.2020-02-11/src/print_pssm.c:593:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ppst->pamfile_save, ppst->pamfile, 120);
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:415:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, (char *)asnp->abp, v_len);
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:1263:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(matrix,"BLOSUM62", MAX_SSTR);
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:1365:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(matrix,"BLOSUM62",MAX_SSTR);
data/fasta3-36.3.8h.2020-02-11/src/pssm_asn_subs.c:1708:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(matrix,"BLOSUM62",MAX_SSTR);
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:147:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bin_file,argv[iarg+1],sizeof(bin_file));
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:211:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info_gstring2,line,sizeof(info_gstring2));
data/fasta3-36.3.8h.2020-02-11/src/res_stats.c:284:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bestptr->libstr,libstr,12);
data/fasta3-36.3.8h.2020-02-11/src/scaleswn.c:510:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(rho_str,"ln(x)",sizeof(rho_str));
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:343:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
else strncpy(s_string,"(shuffled)",sizeof(s_string));
data/fasta3-36.3.8h.2020-02-11/src/scaleswt.c:455:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
else strncpy(s_string,"(shuffled)",sizeof(s_string));
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:61:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_tmp_annot_s = strlen(annot_s)+1;
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:119:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pgm,"fa",sizeof(pgm));
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:122:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pgm,"fx",sizeof(pgm));
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:124:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else { strncpy(pgm,m_msp->f_id0,sizeof(pgm)); }
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:152:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lbp = &my_l_name[strlen(my_l_name)-2];
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:219:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (q_domain_s) n_tmp_domain += strlen(q_domain_s)+1;
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:220:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (l_domain_s) n_tmp_domain += strlen(l_domain_s)+1;
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:332:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(domain_s) + strlen(line)+1 > n_domain_s) {
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:332:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(domain_s) + strlen(line)+1 > n_domain_s) {
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:339:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_s = realloc(domain_s, (n_domain_s=strlen(domain_s))+1);
data/fasta3-36.3.8h.2020-02-11/src/url_subs.c:362:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_tmp_annot_s = strlen(annot_var_s)*3 + 1;
data/fasta3-36.3.8h.2020-02-11/src/work_thr2.c:311:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(work_info->info_lib_range,info_lib_range,MAX_SSTR);
ANALYSIS SUMMARY:
Hits = 1377
Lines analyzed = 77974 in approximately 2.37 seconds (32962 lines/second)
Physical Source Lines of Code (SLOC) = 56253
Hits@level = [0] 1564 [1] 508 [2] 671 [3] 21 [4] 168 [5] 9
Hits@level+ = [0+] 2941 [1+] 1377 [2+] 869 [3+] 198 [4+] 177 [5+] 9
Hits/KSLOC@level+ = [0+] 52.2817 [1+] 24.4787 [2+] 15.4481 [3+] 3.51981 [4+] 3.1465 [5+] 0.159991
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.