Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gff2aplot-2.0/src/ali2gff/ali2gff.h
Examining data/gff2aplot-2.0/src/ali2gff/ali2gff.c

FINAL RESULTS:

data/gff2aplot-2.0/src/ali2gff/ali2gff.c:93:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(prgCall,argv[0]);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:110:9:  [4] (buffer) sscanf:
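  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. Here the source is the command-line argument
  argv[1] and the destination xName is declared with MAXSTRING bytes (line
  77), so the field width has to be at most MAXSTRING-1 to leave room for
  the terminator.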
				if (sscanf(argv[1],"%s",xName) < 1) printUsage();
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:118:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
				if (sscanf(argv[1],"%s",yName) < 1) printUsage();
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:278:10:  [4] (buffer) sscanf:
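  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If strands and frames are the 4-byte locals
  reported at lines 242 and 247, each holds at most three characters plus
  the terminator, so these two fields need the tightest limit (%3s). The
  other string destinations (source, feature, scores) are reported as at
  least MAXSTRING bytes, the same size as line (lines 223-237), so they can
  only overflow if line itself is read without a bound.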
				if ((sscanf(line,"%*s %s %s %lu:%lu %lu:%lu %s %s %s",source,feature,&xb,&yb,&xe,&ye,scores,strands,frames)) < 9) wrongFormatError(infile);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:282:11:  [4] (buffer) sscanf:
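  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. The %[^:] conversion in the same call is
  unbounded as well. If waste and waste2 are the MAXSTRING-byte locals
  reported at lines 226-227 and scores is the 2*MAXSTRING array from line
  237, either part of scores can be longer than its destination.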
					if ((sscanf(scores,"%[^:]:%s",waste,waste2)) == 2) sprintf(scores,"%s:%s",waste2,waste);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:282:57:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					if ((sscanf(scores,"%[^:]:%s",waste,waste2)) == 2) sprintf(scores,"%s:%s",waste2,waste);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:295:44:  [4] (buffer) sprintf:
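  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. If aliPrintString is the MAXSTRING-byte local reported at line
  253, the arguments (xName, yName and source of up to MAXSTRING bytes each,
  plus the remaining fields) can format to more than the destination holds;
  pass sizeof aliPrintString to snprintf and treat a return value at or
  above that size as truncation.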
						if (sscanf(scores,"%f",&score) == 1) sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%5.3f\t%s\t%s\t%s",yName,xName,source,yb,xb,ye,xe,score,strands,frames,cptr);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:296:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						else                                 sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%s\t%s\t%s\t%s",   yName,xName,source,yb,xb,ye,xe,scores,strands,frames,cptr);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:299:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						if (sscanf(scores,"%f",&score) == 1) sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%5.3f\t%s\t%s\n",yName,xName,source,yb,xb,ye,xe,score,strands,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:300:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						else                                 sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%s\t%s\t%s\n",   yName,xName,source,yb,xb,ye,xe,scores,strands,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:336:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
				if ((sscanf(line,"%*s %s %s %lu:%lu %lu:%lu %s %s %s",source,feature,&xb,&yb,&xe,&ye,scores,strands,frames)) < 9) wrongFormatError(infile);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:350:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						if (sscanf(scores,"%f",&score) == 1) sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%5.3f\t%s\t%s\t%s",xName,yName,source,xb,yb,xe,ye,score ,strands,frames,cptr);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:351:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						else                                 sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%s\t%s\t%s\t%s",   xName,yName,source,xb,yb,xe,ye,scores,strands,frames,cptr);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:354:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						if (sscanf(scores,"%f",&score) == 1) sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%5.3f\t%s\t%s\n",xName,yName,source,xb,yb,xe,ye,score ,strands,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:355:44:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						else                                 sprintf(aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%s\t%s\t%s\n",   xName,yName,source,xb,yb,xe,ye,scores,strands,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:481:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(nextMUM,"%s:%s\tMUMmer\talignment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\t# MUM\n%s:%s\tMUMmer\tfragment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\n",yName,xName,yb,xb,ye,xe,frames,yName,xName,yb,xb,ye,xe,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:499:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(seq1,line+4);     	  // read part of first sequence
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:505:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(seq2,line+4);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:511:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(err,line+4);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:698:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(nextGAP,"%s:%s\tMUMmer\talignment\t%lu:%lu\t%lu:%lu\t",yName,xName,fyb,fxb,fye,fxe);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:705:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(nextMUM,"%s:%s\tMUMmer\talignment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\t# MUM\n%s:%s\tMUMmer\tfragment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\n",yName,xName,yb,xb,ye,xe,frames,yName,xName,yb,xb,ye,xe,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:722:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(nextMUM,"%s:%s\tMUMmer\talignment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\t# MUM\n%s:%s\tMUMmer\tfragment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\n",xName,yName,xb,yb,xe,ye,frames,xName,yName,xb,yb,xe,ye,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:740:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(seq1,line+4);     	  // read part of first sequence
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:746:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(seq2,line+4);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:752:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(err,line+4);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:939:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(nextGAP,"%s:%s\tMUMmer\talignment\t%lu:%lu\t%lu:%lu\t",xName,yName,fxb,fyb,fxe,fye);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:946:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(nextMUM,"%s:%s\tMUMmer\talignment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\t# MUM\n%s:%s\tMUMmer\tfragment\t%lu:%lu\t%lu:%lu\t1.000\t+:+\t%s\n",xName,yName,xb,yb,xe,ye,frames,xName,yName,xb,yb,xe,ye,frames);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1035:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
				if (sscanf(line,"  \"%s ",waste) < 1) wrongFormatError(infile);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1037:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				if (ptr != NULL) strcpy(source,ptr+1);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1038:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				else             strcpy(source,waste);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1052:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			if (opt_r) sprintf (seqboundsline,"\t%s\tseqbounds\t%lu:%lu\t%lu:%lu\t.\t.\t.\n",source,yb,xb,ye,xe);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1053:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			else       sprintf (seqboundsline,"\t%s\tseqbounds\t%lu:%lu\t%lu:%lu\t.\t.\t.\n",source,xb,yb,xe,ye);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1092:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				if (opt_r) sprintf (aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%5.3f\t%c:%c\t%c:%c\n",yName,xName,source,yb,xb,ye,xe,score,strand2,strand1,frameChar,frameChar);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1093:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				else       sprintf (aliPrintString,"%s:%s\t%s\talignment\t%lu:%lu\t%lu:%lu\t%5.3f\t%c:%c\t%c:%c\n",xName,yName,source,xb,yb,xe,ye,score,strand1,strand2,frameChar,frameChar);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char prgCall[MAXSTRING];								/*----- program call					-----*/	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:70:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char infile[MAXSTRING];								/*----- name of the input file 			-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:71:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char outfile[MAXSTRING];								/*----- name of the output file 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:77:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xName[MAXSTRING] = "SEQ1";						/*----- species name for species 1 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:78:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char yName[MAXSTRING] = "SEQ2";						/*----- species name for species 2 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:147:3:  [2] (buffer) strcat:
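  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string. A constant source bounds only the appended
  length, not the space left in the destination: outfile is MAXSTRING bytes
  (line 71) and is filled at line 143 by strncpy with a count of MAXSTRING,
  so it may already be full, or unterminated, before ".gff" is appended.
  Check the remaining space before concatenating.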
		strcat(outfile,".gff");
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:148:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(stdoutCopy = fopen(outfile, "w"))) {fprintf(stderr,"Error: Unable to write file %s\n",outfile); exit(4);}	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXSTRING];							/*----- read line 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:180:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((alifile = fopen(infile, "r")) == NULL) {fprintf(stderr,"Error: Unable to input file %s\n",infile);exit(2);}	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXSTRING];							/*----- read line 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char waste[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char waste2[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char feature[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[MAXSTRING] = "GFF";
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char scores[2*MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strands[4];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char frames[4];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:250:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nowString[100];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char aliPrintString[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:258:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	GFFfile = fopen(infile, "r");
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:283:60:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					if ((sscanf(strands,"%c:%c",&strand1,&strand2)) == 2) sprintf(strands,"%c:%c",strand2,strand1);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:284:65:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					if ((sscanf(frames,"%c:%c",&frameChar1,&frameChar2)) == 2) sprintf(frames,"%c:%c",frameChar2,frameChar1);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:411:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXSTRING];							/*----- read line 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char frames[4];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nowString[100];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nextMUM[5*MAXSTRING] = "";
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nextGAP[3*MAXSTRING] = "";
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char seq1[MAX_SEQUENCE_LENGTH];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char seq2[MAX_SEQUENCE_LENGTH];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char err[MAX_SEQUENCE_LENGTH];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:454:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	MUMfile = fopen(infile, "r");
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:976:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXSTRING];							/*----- read line 		-----*/
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:977:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char seqboundsline[2*MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:979:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char waste[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:981:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:993:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nowString[100];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1003:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char aliPrintString[4*MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1007:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	simfile = fopen(infile, "r");
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s1[MAXSTRING], s2[MAXSTRING];
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1193:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	n1 = sprintf(s1,"%.2f",user_time);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:1194:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	n2 = sprintf(s2,"%.2f",real_time);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:135:2:  [1] (buffer) strncpy:
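  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). The count here is the full size of infile
  (MAXSTRING bytes, line 70), so an argv[1] of MAXSTRING or more characters
  leaves infile without a terminator. Copy at most MAXSTRING-1 bytes and
  terminate explicitly, or reject over-long names.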
	strncpy(infile,argv[1],MAXSTRING);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:143:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(outfile,infile,MAXSTRING );
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:500:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					gaplen = strlen(seq1)-1;
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:527:74:  [1] (buffer) strlen:
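  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Separately from this hit, the call passes strlen() results, which have
  type size_t, to %d conversions; the matching conversion is %zu (or cast
  the argument to int). The same statement appears at line 768.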
					if (DEBUG) fprintf(stderr,"gap data: length %d-20=%d\n%s\n%s\n%s\n",strlen(seq1),strlen(seq1)-20,seq1,seq2,err);	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:527:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (DEBUG) fprintf(stderr,"gap data: length %d-20=%d\n%s\n%s\n%s\n",strlen(seq1),strlen(seq1)-20,seq1,seq2,err);	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:555:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							flen = strlen(ptr11);
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:741:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					gaplen = strlen(seq1)-1;
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:768:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (DEBUG) fprintf(stderr,"gap data: length %d-20=%d\n%s\n%s\n%s\n",strlen(seq1),strlen(seq1)-20,seq1,seq2,err);	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:768:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (DEBUG) fprintf(stderr,"gap data: length %d-20=%d\n%s\n%s\n%s\n",strlen(seq1),strlen(seq1)-20,seq1,seq2,err);	
data/gff2aplot-2.0/src/ali2gff/ali2gff.c:796:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							flen = strlen(ptr11);

ANALYSIS SUMMARY:

Hits = 85
Lines analyzed = 1318 in approximately 0.08 seconds (15765 lines/second)
Physical Source Lines of Code (SLOC) = 806
Hits@level = [0] 131 [1]  10 [2]  41 [3]   0 [4]  34 [5]   0
Hits@level+ = [0+] 216 [1+]  85 [2+]  75 [3+]  34 [4+]  34 [5+]   0
Hits/KSLOC@level+ = [0+] 267.99 [1+] 105.459 [2+] 93.0521 [3+] 42.1836 [4+] 42.1836 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.