Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/binomial.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/binomial.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/buffer.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/buffer.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/common.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/common.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gdistribution.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/genotypes.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/genotypes.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmasker.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/matrix.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/matrix.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/queue.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/queue.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence-file.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence-file.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/sequence.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/simplex.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/simplex.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/thread-pool.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/thread-pool.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/utils.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/utils.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordmap.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordmap.h Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c Examining data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.h FINAL RESULTS: data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:219:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (c, "%s_subset", outputname); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:305:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (c, "%s_%d_union.list", outputname, maps[0]->header->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:409:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d_union.list", out, map1->header->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:414:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d_intrsec.list", out, map1->header->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:419:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d_0_diff1.list", out, map1->header->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:424:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d_0_diff2.list", out, map1->header->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:762:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d_%d_diff1.list", out, map1->header->wordlength, nmm); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:767:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d_%d_diff2.list", out, map1->header->wordlength, nmm); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:335:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. while (fscanf (f, "%s\n", querystring) != EOF) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:49:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (table->id, c); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:338:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "%s_%d.list", outputname, table->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:520:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand (1); data/genometester-4.0+git20200511.91cecb5+dfsg/src/buffer.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_SEQ_BUFFER_SIZE]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:40:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *tokenz[4]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:54:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. node_n_kmers = strtol ((const char *) tokenz[1], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:155:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *tokenz[65536]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:169:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (db->names + names_pos, tokenz[0], lengths[0]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:176:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. n_kmers = strtol ((const char *) tokenz[1], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&major, cdata + cpos, 2); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:390:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&minor, cdata + cpos, 2); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:396:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->wordsize, cdata + cpos, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:398:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->node_bits, cdata + cpos, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:400:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->kmer_bits, cdata + cpos, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:405:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->count_bits, cdata + cpos, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:408:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->n_nodes, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:410:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->n_kmers, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:412:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&db->names_size, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:416:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&nodes_start, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:418:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&kmers_start, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:420:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&names_start, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:422:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&trie_start, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:424:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index_start, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocksize, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:456:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocksize, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:459:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (db->kmers_16, cdata + cpos, db->n_kmers * 2); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:466:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocksize, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:469:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (db->kmers_32, cdata + cpos, db->n_kmers * 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:477:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocksize, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:484:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocksize, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.c:491:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocksize, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:261:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_kmers = atoi (argv[argi]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:265:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_lists = atoi (argv[argi]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:269:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nthreads = atoi (argv[argi]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:474:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[33]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:1014:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[1024]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:1025:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, cdata + s, e - s); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h:67:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char name[MAX_NAME_SIZE + 1]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:147:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *kmers[MAX_KMERS]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:170:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ref_start = atoi (argv[i + 2]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:171:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ref_end = atoi (argv[i + 3]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:172:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ref = (const char *) argv[i + 4]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:239:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *tokenz[MAX_KMERS + 4]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:247:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chr[32]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:249:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chr, tokenz[0], lengths[0]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:252:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ref_start = strtol ((const char *) tokenz[1], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:253:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ref_end = strtol ((const char *) tokenz[2], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:254:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ref = strndup ((const char *) tokenz[3], lengths[3]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:257:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. kmers[nkmers++] = strndup ((const char *) tokenz[i], lengths[i]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:830:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[32] = { 0 }; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1633:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *tokenz[16]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1640:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chr[32]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1642:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chr, tokenz[0], lengths[0]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1652:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snvs[*n_snvs].pos = strtol ((const char *) tokenz[1], NULL, 10) - 1; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1804:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[2048], seq[2048]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1815:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name, p, len); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1822:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (seq, p, len); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1913:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[2048]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1971:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[32] = { 0 }; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gdistribution.c:53:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *names[2]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:71:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[MAX_FILES]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:209:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[2048]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[2048]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:392:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; /* the length is limited in main(..) method */ data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:410:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[0] = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:415:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[1] = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:420:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[2] = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:425:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[3] = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:601:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofs = fopen (filename, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:637:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + bp, &word, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:639:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + bp, &freq, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:730:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; /* the length is limited in main(..) method */ data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:763:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[2] = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:768:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[3] = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:375:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[1024]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:594:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofs = fopen (filename, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:634:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + bp, &word, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:636:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + bp, &freq, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c:108:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char locks[256]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c:169:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *seqnames[1024]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char querystring[256]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:329:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (queryfile, "r"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:147:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *tokenz[16]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:156:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int a = strtol ((const char *) tokenz[2 + 2 * j], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:157:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int b = strtol ((const char *) tokenz[2 + 2 * j + 1], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:413:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[64]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:424:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c, p, j); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:746:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (x_params, params, sizeof (params)); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:956:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *tokenz[16]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:967:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sum += strtol ((const char *) tokenz[2 + 2 * j], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:968:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sum += strtol ((const char *) tokenz[2 + 2 * j + 1], NULL, 10); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:102:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *seqnames[1024]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:264:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofs = (fopen (wdb, "w+")); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:346:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. db.index.files[i] = (char *) seqnames[i]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:421:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofs = (fopen (index, "w+")); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:480:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c, db.kmers_32 + db.nodes[i].kmers, db.nodes[i].nkmers * 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:33:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index->nbits_file, cdata + cpos, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:34:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index->nbits_npos, cdata + cpos + 4, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:35:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index->nbits_kmer, cdata + cpos + 8, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:38:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index->n_files, cdata + cpos, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index->n_kmers, cdata + cpos + 4, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:40:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&index->n_reads, cdata + cpos + 12, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:43:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&files_start, cdata + cpos, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:44:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&blocks_start, cdata + cpos + 8, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&reads_start, cdata + cpos + 16, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:22:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *filenames[2]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:30:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). blocksize = atoi (argv[++i]); data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:52:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifs = fopen (filenames[0], "r"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/iotest.c:73:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofs = fopen (filenames[0], "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&trie->nbits, p, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:134:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&trie->nbits_root, p, 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:136:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&trie->nbranches, p, 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.h:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[120]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/utils.c:45:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = open (filename, O_RDONLY); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; /* the length of the output name is limited and checked in main(..) method */ data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:332:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[BSIZE + 12]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:339:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (fname, "w"); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:355:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + bp, &table->words[i], 8); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:357:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b + bp, &table->frequencies[i], 4); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:435:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[32]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:436:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (suffix, "_%d.list", table->wordlength); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.h:36:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16]; /* Text ID for debugging */ data/genometester-4.0+git20200511.91cecb5+dfsg/src/database.h:69:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read read; data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:256:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). current = string_to_word (argv[argi], strlen (argv[argi])); data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:968:46: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. unsigned long long above = 0, below = 0, equal; data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:975:121: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (debug > 1) fprintf (stderr, "Min %u med %u max %u, below %llu, equal %llu, above %llu\n", min, med, max, below, equal, above); data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:978:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (above > (below + equal)) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:985:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((above - below) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/distro.c:988:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((below - above) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:37:96: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fasta_reader_init (FastaReader *reader, unsigned int wordlength, unsigned int canonize, int (* read) (void *), void *read_data) data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:43:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader->read = read; data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:102:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int cval = fgetc (ifs); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:128:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int cval = reader->read (reader->read_data); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:207:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cval = reader->read (reader->read_data); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:210:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cval = reader->read (reader->read_data); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.c:259:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cval = reader->read (reader->read_data); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h:49:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (* read) (void *data); data/genometester-4.0+git20200511.91cecb5+dfsg/src/fasta.h:75:100: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int fasta_reader_init (FastaReader *reader, unsigned int wordlength, unsigned int canonize, int (* read) (void *), void *read_data); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:43:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void gasm_read_delete (GASMRead *read); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:50:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memset (read, 0, sizeof (GASMRead)); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:54:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:58:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gasm_read_delete (GASMRead *read) data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:63:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). free (read); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:409:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define READ_NUCL(read,pos) _p[(1 + read) * 2048 + (pos)] data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:409:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define READ_NUCL(read,pos) _p[(1 + read) * 2048 + (pos)] data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1746:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). word = string_to_word (kmers[i], strlen (kmers[i])); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gassembler.c:1747:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rword = get_reverse_complement (word, strlen (kmers[i])); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistcompare.c:248:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (outputname) > 200) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker.c:207:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (outputname) > 200) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistmaker2.c:256:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (outputname) > 200) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:276:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p.wordlength != strlen (querystring)) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:277:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (stderr, "Error: Incompatible wordlengths! Wordlength in list: %u, query length: %lu\n", p.wordlength, strlen (querystring)); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:338:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p->wordlength != strlen (querystring)) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:339:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (stderr, "Error: Incompatible wordlengths! Wordlength in list: %u, query length: %lu\n", p->wordlength, strlen (querystring)); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:430:44: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. unsigned long long above = 0, below = 0, equal; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:437:99: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (debug > 0) fprintf (stderr, "Trying median %u - equal %llu, below %llu, above %llu\n", med, equal, below, above); data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:440:25: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (above > (below + equal)) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:447:26: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((above - below) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/glistquery.c:450:26: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((below - above) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:981:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. unsigned int above = 0, below = 0, equal; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:987:109: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (debug > 1) fprintf (stderr, "Trying median %u (%u) - equal %u, below %u, above %u\n", med / 6, med, equal, below, above); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:990:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (above > (below + equal)) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:997:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((above - below) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_caller.c:1000:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((below - above) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:358:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:358:85: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:360:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (rl->read.kmer_pos > max_kmer_pos) max_kmer_pos = rl->read.kmer_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:360:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (rl->read.kmer_pos > max_kmer_pos) max_kmer_pos = rl->read.kmer_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:395:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:395:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long long name_pos = seq_files[rl->read.file_idx]->subseqs[rl->read.subseq].name_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:396:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long long code = ((unsigned long long) rl->read.dir << (db.index.nbits_file + db.index.nbits_npos + db.index.nbits_kmer)) | data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:397:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ((unsigned long long) rl->read.file_idx << (db.index.nbits_npos + db.index.nbits_kmer)) | data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:399:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rl->read.kmer_pos; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:407:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert (_file_idx == rl->read.file_idx); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:408:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert (_dir == rl->read.dir); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:409:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert (_kmer_pos == rl->read.kmer_pos); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:501:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fprintf (stdout, " (%u/%u/%u)", rl->read.file_idx, rl->read.subseq, rl->read.kmer_pos); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:501:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fprintf (stdout, " (%u/%u/%u)", rl->read.file_idx, rl->read.subseq, rl->read.kmer_pos); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:501:87: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fprintf (stdout, " (%u/%u/%u)", rl->read.file_idx, rl->read.subseq, rl->read.kmer_pos); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:705:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. unsigned int above = 0, below = 0, equal; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:720:109: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (debug > 1) fprintf (stderr, "Trying median %u (%u) - equal %u, below %u, above %u\n", med / 6, med, equal, below, above); data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:723:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (above > (below + equal)) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:730:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((above - below) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/gmer_counter.c:733:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if ((below - above) < equal) break; data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:16:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gt4_index_get_read_info (GT4Index *index, unsigned long long read, unsigned int *file_idx, unsigned long long *name_pos, unsigned int *dir) data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:19:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). code = read = index->reads[read]; data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:52:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpos += strlen ((const char *) cdata + cpos); data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.c:91:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = (unsigned int) strlen (index->files[i]) + 1; data/genometester-4.0+git20200511.91cecb5+dfsg/src/index.h:28:81: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long long gt4_index_get_read_info (GT4Index *index, unsigned long long read, unsigned int *file_idx, unsigned long long *name_pos, unsigned int *dir); data/genometester-4.0+git20200511.91cecb5+dfsg/src/matrix.c:53:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/genometester-4.0+git20200511.91cecb5+dfsg/src/trie.c:44:40: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. trie->allocators = (TrieAllocator *) memalign (64, nallocators * sizeof (TrieAllocator)); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:416:22: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. for (mismatch = 1; mismatch < 4; mismatch++) { data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:418:12: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mask = mismatch << (2 * i); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:445:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (prefix) + strlen (suffix); data/genometester-4.0+git20200511.91cecb5+dfsg/src/wordtable.c:445:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (prefix) + strlen (suffix); ANALYSIS SUMMARY: Hits = 204 Lines analyzed = 13709 in approximately 0.48 seconds (28511 lines/second) Physical Source Lines of Code (SLOC) = 11050 Hits@level = [0] 747 [1] 73 [2] 119 [3] 1 [4] 11 [5] 0 Hits@level+ = [0+] 951 [1+] 204 [2+] 131 [3+] 12 [4+] 11 [5+] 0 Hits/KSLOC@level+ = [0+] 86.0633 [1+] 18.4615 [2+] 11.8552 [3+] 1.08597 [4+] 0.995475 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.