Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hilive-2.0a/lib/alignmentSettings.h
Examining data/hilive-2.0a/lib/alnout.cpp
Examining data/hilive-2.0a/lib/alnout.h
Examining data/hilive-2.0a/lib/alnread.cpp
Examining data/hilive-2.0a/lib/alnread.h
Examining data/hilive-2.0a/lib/alnstream.cpp
Examining data/hilive-2.0a/lib/alnstream.h
Examining data/hilive-2.0a/lib/argument_parser.cpp
Examining data/hilive-2.0a/lib/argument_parser.h
Examining data/hilive-2.0a/lib/definitions.h
Examining data/hilive-2.0a/lib/global_variables.h
Examining data/hilive-2.0a/lib/headers.h
Examining data/hilive-2.0a/lib/illumina_parsers.cpp
Examining data/hilive-2.0a/lib/illumina_parsers.h
Examining data/hilive-2.0a/lib/kindex.cpp
Examining data/hilive-2.0a/lib/kindex.h
Examining data/hilive-2.0a/lib/parallel.cpp
Examining data/hilive-2.0a/lib/parallel.h
Examining data/hilive-2.0a/lib/tools.cpp
Examining data/hilive-2.0a/lib/tools.h
Examining data/hilive-2.0a/lib/tools_static.cpp
Examining data/hilive-2.0a/lib/tools_static.h
Examining data/hilive-2.0a/tools/build_index.cpp
Examining data/hilive-2.0a/tools/hilive.cpp
Examining data/hilive-2.0a/tools/hilive_out.cpp
FINAL RESULTS:
data/hilive-2.0a/lib/alignmentSettings.h:528:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = uint64_t(std::atol(value.c_str()));
data/hilive-2.0a/lib/alignmentSettings.h:883:48: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_mode(OutputMode::BESTN, CountType(std::atol(bestn.c_str())));
data/hilive-2.0a/lib/alignmentSettings.h:1049:29: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = CountType(std::atol(length_string.c_str()));
data/hilive-2.0a/lib/alnout.cpp:123:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(in_fname);
data/hilive-2.0a/lib/alnout.cpp:141:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output.open(out_fname);
data/hilive-2.0a/lib/alnout.cpp:186:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
istream->open(alignment_fname);
data/hilive-2.0a/lib/alnout.cpp:279:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filters.open(filter_fname);
data/hilive-2.0a/lib/alnread.cpp:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&vDesc,sizeof(FMVertexDescriptor));
data/hilive-2.0a/lib/alnread.cpp:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&max_as,sizeof(ScoreType));
data/hilive-2.0a/lib/alnread.cpp:143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&cigar_len,sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&(serialized_value),sizeof(CountType));
data/hilive-2.0a/lib/alnread.cpp:160:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&mdz_length,sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:167:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&next_byte,sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vDesc,d+bytes,sizeof(FMVertexDescriptor));
data/hilive-2.0a/lib/alnread.cpp:184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&max_as,d+bytes,sizeof(ScoreType));
data/hilive-2.0a/lib/alnread.cpp:189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cigar_len,d+bytes,sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serialized_value),d+bytes,sizeof(CountType));
data/hilive-2.0a/lib/alnread.cpp:212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mdz_length, d+bytes, sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:219:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&next_byte, d+bytes, sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&flags,1);
data/hilive-2.0a/lib/alnread.cpp:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&sequenceLen,sizeof(CountType));
data/hilive-2.0a/lib/alnread.cpp:470:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&(*it),sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:475:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&barcodeLen,sizeof(CountType));
data/hilive-2.0a/lib/alnread.cpp:480:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&(*it),sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:485:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&num_seeds,sizeof(uint32_t));
data/hilive-2.0a/lib/alnread.cpp:494:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&seed_size,sizeof(uint16_t));
data/hilive-2.0a/lib/alnread.cpp:497:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,seed_data.data(),seed_size);
data/hilive-2.0a/lib/alnread.cpp:510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&flags,d,1);
data/hilive-2.0a/lib/alnread.cpp:515:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sequenceLen,d+bytes,sizeof(CountType));
data/hilive-2.0a/lib/alnread.cpp:524:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(elem),d+bytes,sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:531:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&barcodeLen,d+bytes,sizeof(CountType));
data/hilive-2.0a/lib/alnread.cpp:540:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(elem),d+bytes,sizeof(uint8_t));
data/hilive-2.0a/lib/alnread.cpp:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&num_seeds,d+bytes,sizeof(uint32_t));
data/hilive-2.0a/lib/alnread.cpp:555:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seed_size,d+bytes,sizeof(uint16_t));
data/hilive-2.0a/lib/alnread.cpp:559:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed_data.data(),d+bytes,seed_size);
data/hilive-2.0a/lib/alnstream.cpp:39:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t oAlnStream::open(std::string f_name) {
data/hilive-2.0a/lib/alnstream.cpp:47:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstream = fopen(fname.c_str(), "wb");
data/hilive-2.0a/lib/alnstream.cpp:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&lane,sizeof(uint16_t));
data/hilive-2.0a/lib/alnstream.cpp:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&tile,sizeof(uint16_t));
data/hilive-2.0a/lib/alnstream.cpp:95:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&cycle,sizeof(CountType));
data/hilive-2.0a/lib/alnstream.cpp:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&rlen,sizeof(CountType));
data/hilive-2.0a/lib/alnstream.cpp:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&num_reads,sizeof(uint32_t));
data/hilive-2.0a/lib/alnstream.cpp:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer.data()+buf_pos,&al_size,sizeof(uint32_t));
data/hilive-2.0a/lib/alnstream.cpp:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp.data(),&al_size,sizeof(uint32_t));
data/hilive-2.0a/lib/alnstream.cpp:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer.data()+buf_pos,temp.data(),first_part);
data/hilive-2.0a/lib/alnstream.cpp:153:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer.data(),temp.data()+first_part,sizeof(uint32_t)-first_part);
data/hilive-2.0a/lib/alnstream.cpp:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer.data()+buf_pos, data.data()+copied, to_copy);
data/hilive-2.0a/lib/alnstream.cpp:263:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t iAlnStream::open(std::string f_name) {
data/hilive-2.0a/lib/alnstream.cpp:275:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstream = fopen(fname.c_str(), "rb");
data/hilive-2.0a/lib/alnstream.cpp:346:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&al_size,buffer.data()+buf_pos,sizeof(uint32_t));
data/hilive-2.0a/lib/alnstream.cpp:353:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp.data(),buffer.data()+buf_pos,first_part);
data/hilive-2.0a/lib/alnstream.cpp:370:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp.data()+first_part,buffer.data(),sizeof(uint32_t)-first_part);
data/hilive-2.0a/lib/alnstream.cpp:372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&al_size,temp.data(),sizeof(uint32_t));
data/hilive-2.0a/lib/alnstream.cpp:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data()+copied, buffer.data()+buf_pos, to_copy);
data/hilive-2.0a/lib/alnstream.cpp:483:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output.open(out_fname);
data/hilive-2.0a/lib/alnstream.cpp:508:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(in_fname);
data/hilive-2.0a/lib/alnstream.cpp:536:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output.open(out_fname);
data/hilive-2.0a/lib/alnstream.cpp:543:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
basecalls.open(bcl_fname);
data/hilive-2.0a/lib/alnstream.cpp:551:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filters.open(filter_fname);
data/hilive-2.0a/lib/alnstream.cpp:621:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(in_fname);
data/hilive-2.0a/lib/alnstream.cpp:643:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output.open(out_fname);
data/hilive-2.0a/lib/alnstream.cpp:649:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
basecalls.open(bcl_fname);
data/hilive-2.0a/lib/alnstream.h:99:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open(std::string f_name);
data/hilive-2.0a/lib/alnstream.h:194:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open(std::string f_name);
data/hilive-2.0a/lib/illumina_parsers.cpp:5:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t BclParser::open (std::string fname) {
data/hilive-2.0a/lib/illumina_parsers.cpp:9:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&num_reads,data.data(),4);
data/hilive-2.0a/lib/illumina_parsers.cpp:40:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t FilterParser::open (std::string fname) {
data/hilive-2.0a/lib/illumina_parsers.cpp:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&num_reads,data.data()+8,4);
data/hilive-2.0a/lib/illumina_parsers.h:18:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open(std::string fname);
data/hilive-2.0a/lib/illumina_parsers.h:41:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open(std::string fname);
data/hilive-2.0a/lib/kindex.cpp:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&size,sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&size,sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:175:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,seqn,seq_names[i].size());
data/hilive-2.0a/lib/kindex.cpp:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&seqlen,sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:210:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,&seqlen,sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:230:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( seqan::open(idx, filename) != 1 ) // function returns 1 on success
data/hilive-2.0a/lib/kindex.cpp:253:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&num_seqs, d, sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curr_seqLength, d, sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq_name, d, curr_seqLength);
data/hilive-2.0a/lib/kindex.cpp:282:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&num_seqs, d, sizeof(uint32_t));
data/hilive-2.0a/lib/kindex.cpp:287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seqlength, d, sizeof(uint32_t));
data/hilive-2.0a/lib/tools_static.cpp:14:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname.c_str(), "rb");
data/hilive-2.0a/lib/tools_static.cpp:43:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile = fopen(fname.c_str(), "wb");
data/hilive-2.0a/lib/tools_static.cpp:127:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifile = fopen(bcl.c_str(), "rb");
data/hilive-2.0a/lib/alignmentSettings.h:1038:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for ( auto read = read_argument.begin(); read != read_argument.end(); ++read ) {
data/hilive-2.0a/lib/alignmentSettings.h:1038:75: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for ( auto read = read_argument.begin(); read != read_argument.end(); ++read ) {
data/hilive-2.0a/lib/alignmentSettings.h:1041:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length_string = (*read).substr(0,(*read).length()-1);
data/hilive-2.0a/lib/alignmentSettings.h:1041:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length_string = (*read).substr(0,(*read).length()-1);
data/hilive-2.0a/lib/alignmentSettings.h:1042:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
type = (*(*read).rbegin());
data/hilive-2.0a/lib/argument_parser.cpp:291:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for ( uint16_t read = 0; read != globalAlignmentSettings.get_seqs().size(); read ++) {
data/hilive-2.0a/lib/argument_parser.cpp:292:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::cout << globalAlignmentSettings.get_seq_by_id(read).length;
data/hilive-2.0a/lib/argument_parser.cpp:293:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
barcode_suffix = globalAlignmentSettings.get_seq_by_id(read).isBarcode() ? "B" : "R";
data/hilive-2.0a/lib/argument_parser.cpp:340:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (const auto &read : tree.get_child("RunInfo.Run.Reads") ) {
data/hilive-2.0a/lib/argument_parser.cpp:342:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( !read.second.get_child_optional("<xmlattr>.NumCycles")
data/hilive-2.0a/lib/argument_parser.cpp:343:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| !read.second.get_child_optional("<xmlattr>.IsIndexedRead") ) {
data/hilive-2.0a/lib/argument_parser.cpp:349:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sequence += read.second.get<std::string>("<xmlattr>.NumCycles");
data/hilive-2.0a/lib/argument_parser.cpp:350:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sequence += read.second.get<std::string>("<xmlattr>.IsIndexedRead") == "N" ? "R" : "B";
data/hilive-2.0a/lib/argument_parser.cpp:711:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for ( uint16_t read = 0; read != globalAlignmentSettings.get_seqs().size(); read ++) {
data/hilive-2.0a/lib/argument_parser.cpp:712:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::cout << globalAlignmentSettings.get_seq_by_id(read).length;
data/hilive-2.0a/lib/argument_parser.cpp:713:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
barcode_suffix = globalAlignmentSettings.get_seq_by_id(read).isBarcode() ? "B" : "R";
data/hilive-2.0a/lib/tools_static.cpp:28:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != size){
data/hilive-2.0a/lib/tools_static.cpp:30:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
error << "Error reading binary file " << fname << ": Read " << read << " bytes while file has " << size << " bytes.";
ANALYSIS SUMMARY:
Hits = 102
Lines analyzed = 9454 in approximately 0.30 seconds (31209 lines/second)
Physical Source Lines of Code (SLOC) = 4723
Hits@level = [0] 11 [1] 18 [2] 84 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 113 [1+] 102 [2+] 84 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 23.9255 [1+] 21.5964 [2+] 17.7853 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.