Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/binomial.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/binomial.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/buffer.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/buffer.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/common.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/common.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gdistribution.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/genotypes.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/genotypes.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmasker.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/matrix.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/matrix.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/queue.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/queue.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence-file.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence-file.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/simplex.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/simplex.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/thread-pool.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/thread-pool.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/utils.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/utils.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordmap.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordmap.h
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c
Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.h
FINAL RESULTS:
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:219:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (c, "%s_subset", outputname);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:305:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (c, "%s_%d_union.list", outputname, maps[0]->header->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:409:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d_union.list", out, map1->header->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:414:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d_intrsec.list", out, map1->header->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:419:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d_0_diff1.list", out, map1->header->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:424:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d_0_diff2.list", out, map1->header->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:762:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d_%d_diff1.list", out, map1->header->wordlength, nmm);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:767:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d_%d_diff2.list", out, map1->header->wordlength, nmm);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:335:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (f, "%s\n", querystring) != EOF) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:49:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (table->id, c);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:338:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s_%d.list", outputname, table->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:520:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (1);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/buffer.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_SEQ_BUFFER_SIZE];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:40:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *tokenz[4];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:54:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
node_n_kmers = strtol ((const char *) tokenz[1], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:155:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *tokenz[65536];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (db->names + names_pos, tokenz[0], lengths[0]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:176:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
n_kmers = strtol ((const char *) tokenz[1], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&major, cdata + cpos, 2);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&minor, cdata + cpos, 2);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->wordsize, cdata + cpos, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:398:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->node_bits, cdata + cpos, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:400:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->kmer_bits, cdata + cpos, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:405:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->count_bits, cdata + cpos, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:408:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->n_nodes, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->n_kmers, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&db->names_size, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:416:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nodes_start, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:418:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&kmers_start, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:420:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&names_start, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:422:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&trie_start, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index_start, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocksize, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:456:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocksize, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:459:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (db->kmers_16, cdata + cpos, db->n_kmers * 2);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:466:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocksize, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:469:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (db->kmers_32, cdata + cpos, db->n_kmers * 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:477:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocksize, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:484:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocksize, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:491:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocksize, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:261:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_kmers = atoi (argv[argi]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:265:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_lists = atoi (argv[argi]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:269:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nthreads = atoi (argv[argi]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:474:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[33];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:1014:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[1024];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:1025:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b, cdata + s, e - s);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h:67:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[MAX_NAME_SIZE + 1];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *kmers[MAX_KMERS];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:170:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ref_start = atoi (argv[i + 2]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:171:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ref_end = atoi (argv[i + 3]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:172:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ref = (const char *) argv[i + 4];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:239:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *tokenz[MAX_KMERS + 4];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:247:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chr[32];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (chr, tokenz[0], lengths[0]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:252:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ref_start = strtol ((const char *) tokenz[1], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:253:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ref_end = strtol ((const char *) tokenz[2], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:254:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ref = strndup ((const char *) tokenz[3], lengths[3]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:257:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kmers[nkmers++] = strndup ((const char *) tokenz[i], lengths[i]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:830:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[32] = { 0 };
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1633:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *tokenz[16];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1640:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chr[32];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1642:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (chr, tokenz[0], lengths[0]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1652:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
snvs[*n_snvs].pos = strtol ((const char *) tokenz[1], NULL, 10) - 1;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1804:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[2048], seq[2048];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1815:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (name, p, len);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1822:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (seq, p, len);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1913:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2048];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1971:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[32] = { 0 };
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gdistribution.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *names[2];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[MAX_FILES];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:209:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2048];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2048];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256]; /* the length is limited in main(..) method */
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:410:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf[0] = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:415:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf[1] = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:420:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf[2] = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:425:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf[3] = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:601:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs = fopen (filename, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:637:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b + bp, &word, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:639:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b + bp, &freq, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256]; /* the length is limited in main(..) method */
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:763:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf[2] = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:768:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf[3] = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:375:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[1024];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:594:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs = fopen (filename, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:634:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b + bp, &word, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:636:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b + bp, &freq, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c:108:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char locks[256];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c:169:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *seqnames[1024];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char querystring[256];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:329:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (queryfile, "r");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:147:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *tokenz[16];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:156:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int a = strtol ((const char *) tokenz[2 + 2 * j], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:157:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int b = strtol ((const char *) tokenz[2 + 2 * j + 1], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:413:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[64];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:424:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c, p, j);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:746:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (x_params, params, sizeof (params));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:956:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *tokenz[16];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:967:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sum += strtol ((const char *) tokenz[2 + 2 * j], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:968:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sum += strtol ((const char *) tokenz[2 + 2 * j + 1], NULL, 10);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *seqnames[1024];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:264:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs = (fopen (wdb, "w+"));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:346:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
db.index.files[i] = (char *) seqnames[i];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:421:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs = (fopen (index, "w+"));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:480:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c, db.kmers_32 + db.nodes[i].kmers, db.nodes[i].nkmers * 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:33:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index->nbits_file, cdata + cpos, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:34:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index->nbits_npos, cdata + cpos + 4, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:35:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index->nbits_kmer, cdata + cpos + 8, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index->n_files, cdata + cpos, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:39:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index->n_kmers, cdata + cpos + 4, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:40:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&index->n_reads, cdata + cpos + 12, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&files_start, cdata + cpos, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&blocks_start, cdata + cpos + 8, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&reads_start, cdata + cpos + 16, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:22:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *filenames[2];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:30:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blocksize = atoi (argv[++i]);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:52:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs = fopen (filenames[0], "r");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:73:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs = fopen (filenames[0], "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&trie->nbits, p, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&trie->nbits_root, p, 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&trie->nbranches, p, 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.h:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[120];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/utils.c:45:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open (filename, O_RDONLY);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256]; /* the length of the output name is limited and checked in main(..) method */
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[BSIZE + 12];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:339:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (fname, "w");
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:355:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b + bp, &table->words[i], 8);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:357:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b + bp, &table->frequencies[i], 4);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[32];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:436:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (suffix, "_%d.list", table->wordlength);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.h:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[16]; /* Text ID for debugging */
data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.h:69:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read read;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:256:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current = string_to_word (argv[argi], strlen (argv[argi]));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:968:46: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
unsigned long long above = 0, below = 0, equal;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:975:121: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (debug > 1) fprintf (stderr, "Min %u med %u max %u, below %llu, equal %llu, above %llu\n", min, med, max, below, equal, above);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:978:28: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (above > (below + equal)) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:985:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((above - below) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:988:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((below - above) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:37:96: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fasta_reader_init (FastaReader *reader, unsigned int wordlength, unsigned int canonize, int (* read) (void *), void *read_data)
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:43:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read = read;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:102:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cval = fgetc (ifs);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:128:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cval = reader->read (reader->read_data);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:207:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cval = reader->read (reader->read_data);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:210:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cval = reader->read (reader->read_data);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:259:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cval = reader->read (reader->read_data);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h:49:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (* read) (void *data);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h:75:100: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fasta_reader_init (FastaReader *reader, unsigned int wordlength, unsigned int canonize, int (* read) (void *), void *read_data);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:43:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void gasm_read_delete (GASMRead *read);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:50:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset (read, 0, sizeof (GASMRead));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:54:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:58:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gasm_read_delete (GASMRead *read)
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:63:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
free (read);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:409:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define READ_NUCL(read,pos) _p[(1 + read) * 2048 + (pos)]
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:409:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define READ_NUCL(read,pos) _p[(1 + read) * 2048 + (pos)]
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1746:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word = string_to_word (kmers[i], strlen (kmers[i]));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1747:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rword = get_reverse_complement (word, strlen (kmers[i]));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:248:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (outputname) > 200) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:207:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (outputname) > 200) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c:256:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (outputname) > 200) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:276:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p.wordlength != strlen (querystring)) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:277:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf (stderr, "Error: Incompatible wordlengths! Wordlength in list: %u, query length: %lu\n", p.wordlength, strlen (querystring));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:338:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p->wordlength != strlen (querystring)) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:339:117: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf (stderr, "Error: Incompatible wordlengths! Wordlength in list: %u, query length: %lu\n", p->wordlength, strlen (querystring));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:430:44: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
unsigned long long above = 0, below = 0, equal;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:437:99: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (debug > 0) fprintf (stderr, "Trying median %u - equal %llu, below %llu, above %llu\n", med, equal, below, above);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:440:25: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (above > (below + equal)) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:447:26: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((above - below) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:450:26: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((below - above) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:981:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
unsigned int above = 0, below = 0, equal;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:987:109: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (debug > 1) fprintf (stderr, "Trying median %u (%u) - equal %u, below %u, above %u\n", med / 6, med, equal, below, above);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:990:28: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (above > (below + equal)) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:997:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((above - below) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:1000:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((below - above) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:358:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:358:85: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:360:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (rl->read.kmer_pos > max_kmer_pos) max_kmer_pos = rl->read.kmer_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:360:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (rl->read.kmer_pos > max_kmer_pos) max_kmer_pos = rl->read.kmer_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:395:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:395:83: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:396:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long long code = ((unsigned long long) rl->read.dir << (db.index.nbits_file + db.index.nbits_npos + db.index.nbits_kmer)) |
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:397:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
((unsigned long long) rl->read.file_idx << (db.index.nbits_npos + db.index.nbits_kmer)) |
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:399:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rl->read.kmer_pos;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:407:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert (_file_idx == rl->read.file_idx);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:408:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert (_dir == rl->read.dir);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:409:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert (_kmer_pos == rl->read.kmer_pos);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:501:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf (stdout, " (%u/%u/%u)", rl->read.file_idx, rl->read.subseq, rl->read.kmer_pos);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:501:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf (stdout, " (%u/%u/%u)", rl->read.file_idx, rl->read.subseq, rl->read.kmer_pos);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:501:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf (stdout, " (%u/%u/%u)", rl->read.file_idx, rl->read.subseq, rl->read.kmer_pos);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:705:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
unsigned int above = 0, below = 0, equal;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:720:109: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (debug > 1) fprintf (stderr, "Trying median %u (%u) - equal %u, below %u, above %u\n", med / 6, med, equal, below, above);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:723:28: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (above > (below + equal)) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:730:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((above - below) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:733:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((below - above) < equal) break;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:16:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gt4_index_get_read_info (GT4Index *index, unsigned long long read, unsigned int *file_idx, unsigned long long *name_pos, unsigned int *dir)
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:19:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
code = read = index->reads[read];
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:52:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cpos += strlen ((const char *) cdata + cpos);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:91:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = (unsigned int) strlen (index->files[i]) + 1;
data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.h:28:81: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long long gt4_index_get_read_info (GT4Index *index, unsigned long long read, unsigned int *file_idx, unsigned long long *name_pos, unsigned int *dir);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/matrix.c:53:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:44:40: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
trie->allocators = (TrieAllocator *) memalign (64, nallocators * sizeof (TrieAllocator));
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:416:22: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for (mismatch = 1; mismatch < 4; mismatch++) {
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:418:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mask = mismatch << (2 * i);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:445:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (prefix) + strlen (suffix);
data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:445:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (prefix) + strlen (suffix);
ANALYSIS SUMMARY:
Hits = 204
Lines analyzed = 13709 in approximately 0.48 seconds (28511 lines/second)
Physical Source Lines of Code (SLOC) = 11050
Hits@level = [0] 747 [1] 73 [2] 119 [3] 1 [4] 11 [5] 0
Hits@level+ = [0+] 951 [1+] 204 [2+] 131 [3+] 12 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 86.0633 [1+] 18.4615 [2+] 11.8552 [3+] 1.08597 [4+] 0.995475 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.