Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hinge-0.5.0/src/consensus/consensus.cpp
Examining data/hinge-0.5.0/src/consensus/draft_chopper.cpp
Examining data/hinge-0.5.0/src/consensus/io_base.cpp
Examining data/hinge-0.5.0/src/consensus/draft.cpp
Examining data/hinge-0.5.0/src/filter/filter.cpp
Examining data/hinge-0.5.0/src/include/DB.h
Examining data/hinge-0.5.0/src/include/INIReader.h
Examining data/hinge-0.5.0/src/include/LAInterface.h
Examining data/hinge-0.5.0/src/include/QV.h
Examining data/hinge-0.5.0/src/include/align.h
Examining data/hinge-0.5.0/src/include/cmdline.h
Examining data/hinge-0.5.0/src/include/common.h
Examining data/hinge-0.5.0/src/include/ini.h
Examining data/hinge-0.5.0/src/include/kseq.h
Examining data/hinge-0.5.0/src/include/paf.h
Examining data/hinge-0.5.0/src/layout/hinging.cpp
Examining data/hinge-0.5.0/src/lib/DB.c
Examining data/hinge-0.5.0/src/lib/DW_banded.c
Examining data/hinge-0.5.0/src/lib/INIReader.cpp
Examining data/hinge-0.5.0/src/lib/LAInterface.cpp
Examining data/hinge-0.5.0/src/lib/QV.c
Examining data/hinge-0.5.0/src/lib/align.c
Examining data/hinge-0.5.0/src/lib/falcon.c
Examining data/hinge-0.5.0/src/lib/ini.c
Examining data/hinge-0.5.0/src/lib/kmer_lookup.c
Examining data/hinge-0.5.0/src/lib/paf.c
Examining data/hinge-0.5.0/src/maximal/maximal.cpp
Examining data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp
Examining data/hinge-0.5.0/src/test/LAInterface_test.cpp
Examining data/hinge-0.5.0/src/test/LAInterface_test1.cpp
Examining data/hinge-0.5.0/src/test/LAInterface_test_2DB.cpp
Examining data/hinge-0.5.0/src/test/omp_test.c

FINAL RESULTS:

data/hinge-0.5.0/src/consensus/draft.cpp:618:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(aseq, breads[std::get<0>(ladders[i][mx])].substr(std::get<1>(ladders[i][mx]),
data/hinge-0.5.0/src/consensus/draft.cpp:621:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bseq, breads[std::get<0>(ladders[i][j])].substr(std::get<1>(ladders[i][j]),
data/hinge-0.5.0/src/consensus/draft.cpp:642:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(q_aln_str + 1, alng->q_aln_str);
data/hinge-0.5.0/src/consensus/draft.cpp:643:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_aln_str + 1, alng->t_aln_str);
data/hinge-0.5.0/src/consensus/draft_chopper.cpp:210:72: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  console->info("current user {}, current working directory {}", getlogin(), buff);
data/hinge-0.5.0/src/consensus/draft_chopper.cpp:902:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(aseq, breads[std::get<0>(ladders[i][mx])].substr(std::get<1>(ladders[i][mx]),
data/hinge-0.5.0/src/consensus/draft_chopper.cpp:905:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bseq, breads[std::get<0>(ladders[i][j])].substr(std::get<1>(ladders[i][j]),
data/hinge-0.5.0/src/consensus/draft_chopper.cpp:926:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(q_aln_str + 1, alng->q_aln_str);
data/hinge-0.5.0/src/consensus/draft_chopper.cpp:927:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_aln_str + 1, alng->t_aln_str);
data/hinge-0.5.0/src/consensus/io_base.cpp:151:68: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  console->info("current user {}, current working directory {}", getlogin(), buff);
data/hinge-0.5.0/src/include/DB.h:78:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define EPRINTF sprintf
data/hinge-0.5.0/src/include/DB.h:84:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define EPRINTF fprintf
data/hinge-0.5.0/src/lib/DB.c:193:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/hinge-0.5.0/src/lib/DB.c:213:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(suffix,"%s%d%s",left,num,right);
data/hinge-0.5.0/src/lib/DB.c:452:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/hinge-0.5.0/src/lib/DB.c:457:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/hinge-0.5.0/src/lib/DB.c:461:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/hinge-0.5.0/src/lib/DB.c:472:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/hinge-0.5.0/src/lib/DB.c:484:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/hinge-0.5.0/src/lib/DB.c:488:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/hinge-0.5.0/src/lib/DB.c:866:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/hinge-0.5.0/src/lib/DB.c:884:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/hinge-0.5.0/src/lib/DB.c:895:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/hinge-0.5.0/src/lib/DB.c:916:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  fscanf(istub,DB_NFILE,&nfiles);
data/hinge-0.5.0/src/lib/DB.c:920:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { fscanf(istub,DB_FDATA,&last,fname,prolog);
data/hinge-0.5.0/src/lib/DB.c:925:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { fscanf(istub,DB_FDATA,&last,fname,prolog);
data/hinge-0.5.0/src/lib/DB.c:984:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/hinge-0.5.0/src/lib/LAInterface.cpp:33:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn, filename.c_str());
data/hinge-0.5.0/src/lib/LAInterface.cpp:36:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn2, filename2.c_str());
data/hinge-0.5.0/src/lib/LAInterface.cpp:61:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn_1, fn);
data/hinge-0.5.0/src/lib/LAInterface.cpp:68:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dstub, DB_NFILE, &nfiles) != 1) SYSTEM_ERROR
data/hinge-0.5.0/src/lib/LAInterface.cpp:84:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dstub, DB_FDATA, findx + i, fname, prolog) != 3) SYSTEM_ERROR
data/hinge-0.5.0/src/lib/LAInterface.cpp:94:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn_2, fn2);
data/hinge-0.5.0/src/lib/LAInterface.cpp:101:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dstub, DB_NFILE, &nfiles2) != 1) SYSTEM_ERROR
data/hinge-0.5.0/src/lib/LAInterface.cpp:117:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dstub, DB_FDATA, findx2 + i, fname, prolog) != 3) SYSTEM_ERROR
data/hinge-0.5.0/src/lib/LAInterface.cpp:135:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn, filename.c_str());
data/hinge-0.5.0/src/lib/LAInterface.cpp:151:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn2, fn);
data/hinge-0.5.0/src/lib/LAInterface.cpp:158:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dstub, DB_NFILE, &nfiles) != 1) SYSTEM_ERROR
data/hinge-0.5.0/src/lib/LAInterface.cpp:174:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dstub, DB_FDATA, findx + i, fname, prolog) != 3) SYSTEM_ERROR
data/hinge-0.5.0/src/lib/LAInterface.cpp:598:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn, filename.c_str());
data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp:88:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(seq, base_structure.c_str());
data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp:111:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(q_aln_str, alignment.second.c_str());
data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp:112:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_aln_str, alignment.first.c_str());
data/hinge-0.5.0/src/consensus/draft_chopper.cpp:209:9: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead.
  getwd(buff);
data/hinge-0.5.0/src/consensus/io_base.cpp:150:5: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead.
  getwd(buff);
data/hinge-0.5.0/src/filter/filter.cpp:620:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hinge-0.5.0/src/maximal/maximal.cpp:691:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hinge-0.5.0/src/consensus/consensus.cpp:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToU[4] = { 'A', 'C', 'G', 'T' };
data/hinge-0.5.0/src/consensus/draft.cpp:853:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  read_number = atoi(read_line.c_str());
data/hinge-0.5.0/src/filter/filter.cpp:319:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  restrict_reads = fopen(name_restrict, "r");
data/hinge-0.5.0/src/include/kseq.h:135:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str->s + str->l, ks->buf + ks->begin, i - ks->begin); \
data/hinge-0.5.0/src/layout/hinging.cpp:404:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  read_number = atoi(read_line.c_str());
data/hinge-0.5.0/src/layout/hinging.cpp:870:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mask_file = fopen(name_mask.c_str(), "r");
data/hinge-0.5.0/src/layout/hinging.cpp:880:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  repeat_file = fopen(name_rep.c_str(), "r");
data/hinge-0.5.0/src/layout/hinging.cpp:882:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hinge_file = fopen(name_hg.c_str(), "r");
data/hinge-0.5.0/src/layout/hinging.cpp:1077:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  G_out = fopen("edges.g_out.txt", "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1119:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_backup = fopen("edges.fwd.backup.txt", "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1136:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_backup = fopen("edges.bkw.backup.txt", "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1162:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_g1 = fopen((std::string(out_name) + ".edges.1").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1163:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_g2 = fopen((std::string(out_name) + ".edges.2").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1166:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_hg = fopen((std::string(out_name) + ".edges.hinges").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1167:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_hg2 = fopen((std::string(out_name) + ".edges.hinges2").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1168:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_greedy = fopen((std::string(out_name) + ".edges.greedy").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1169:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_skipped = fopen((std::string(out_name) + ".edges.skipped").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1357:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_hgraph = fopen((std::string(out_name) + ".hgraph").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1360:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_debug = fopen((std::string(out_name) + ".debug").c_str(), "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1363:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  OverlapDebugFile = fopen("overlap_debug.txt", "w");
data/hinge-0.5.0/src/layout/hinging.cpp:1697:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_hglist = fopen((std::string(out_name) + ".hinge.list").c_str(), "w");
data/hinge-0.5.0/src/lib/DB.c:77:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ebuffer[1000];
data/hinge-0.5.0/src/lib/DB.c:122:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name,mode)) == NULL)
data/hinge-0.5.0/src/lib/DB.c:303:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/hinge-0.5.0/src/lib/DB.c:337:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'a', 'c', 'g', 't' };
data/hinge-0.5.0/src/lib/DB.c:345:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'A', 'C', 'G', 'T' };
data/hinge-0.5.0/src/lib/DB.c:355:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char number[128] =
data/hinge-0.5.0/src/lib/DB.c:429:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/hinge-0.5.0/src/lib/DB.c:433:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/hinge-0.5.0/src/lib/DB.c:449:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAX_NAME], prolog[MAX_NAME];
data/hinge-0.5.0/src/lib/DB.c:863:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/hinge-0.5.0/src/lib/DB.c:1087:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/hinge-0.5.0/src/lib/DB.c:1091:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/hinge-0.5.0/src/lib/DB.c:1154:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/hinge-0.5.0/src/lib/DB.c:1158:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/hinge-0.5.0/src/lib/DB.c:1177:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfile = fopen(name,"r");
data/hinge-0.5.0/src/lib/LAInterface.cpp:62:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fn_1, ".db");
data/hinge-0.5.0/src/lib/LAInterface.cpp:82:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/hinge-0.5.0/src/lib/LAInterface.cpp:95:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fn_2, ".db");
data/hinge-0.5.0/src/lib/LAInterface.cpp:115:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/hinge-0.5.0/src/lib/LAInterface.cpp:152:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fn2, ".db");
data/hinge-0.5.0/src/lib/LAInterface.cpp:172:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/hinge-0.5.0/src/lib/LAInterface.cpp:1492:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ovl->trace_pts, ovl->path.trace, ovl->path.tlen * sizeof(uint16));
data/hinge-0.5.0/src/lib/LAInterface.cpp:1610:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ovl->trace_pts, ovl->path.trace, ovl->path.tlen * sizeof(uint16));
data/hinge-0.5.0/src/lib/LAInterface.cpp:2003:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_al->trace_pts, ovl->path.trace, ovl->path.tlen * sizeof(uint16));
data/hinge-0.5.0/src/lib/LAInterface.cpp:2405:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_al->trace_pts, ovl->path.trace, ovl->path.tlen * sizeof(uint16));
data/hinge-0.5.0/src/lib/LAInterface.cpp:2881:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' };
data/hinge-0.5.0/src/lib/LAInterface.cpp:2882:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' };
data/hinge-0.5.0/src/lib/LAInterface.cpp:4182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(path->trace, alignment->trace_pts, path->tlen * sizeof(uint16)); data/hinge-0.5.0/src/lib/LAInterface.cpp:4815:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char substr[15]; data/hinge-0.5.0/src/lib/LAInterface.cpp:4818:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(substr); data/hinge-0.5.0/src/lib/align.c:3246:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' }; data/hinge-0.5.0/src/lib/align.c:3247:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' }; data/hinge-0.5.0/src/lib/ini.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[INI_MAX_LINE]; data/hinge-0.5.0/src/lib/ini.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char section[MAX_SECTION] = ""; data/hinge-0.5.0/src/lib/ini.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prev_name[MAX_NAME] = ""; data/hinge-0.5.0/src/lib/ini.c:181:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "r"); data/hinge-0.5.0/src/maximal/maximal.cpp:385:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). restrict_reads = fopen(name_restrict, "r"); data/hinge-0.5.0/src/maximal/maximal.cpp:525:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mask_file = fopen(name_mask.c_str(), "r"); data/hinge-0.5.0/src/consensus/draft.cpp:581:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (coverages[read]->at(pos) < mincoverage) mincoverage = coverages[read]->at(pos); data/hinge-0.5.0/src/consensus/draft.cpp:581:89: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (coverages[read]->at(pos) < mincoverage) mincoverage = coverages[read]->at(pos); data/hinge-0.5.0/src/consensus/draft.cpp:628:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e1 = strlen(bseq); data/hinge-0.5.0/src/consensus/draft.cpp:630:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e2 = strlen(aseq); data/hinge-0.5.0/src/consensus/draft.cpp:638:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *q_aln_str = (char *) malloc((5 + strlen(alng->q_aln_str)) * sizeof(char)); data/hinge-0.5.0/src/consensus/draft.cpp:639:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *t_aln_str = (char *) malloc((5 + strlen(alng->t_aln_str)) * sizeof(char)); data/hinge-0.5.0/src/consensus/draft.cpp:648:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int pos = 0; pos < strlen(q_aln_str); pos++) q_aln_str[pos] = toupper(q_aln_str[pos]); data/hinge-0.5.0/src/consensus/draft.cpp:649:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (int pos = 0; pos < strlen(t_aln_str); pos++) t_aln_str[pos] = toupper(t_aln_str[pos]); data/hinge-0.5.0/src/consensus/draft.cpp:655:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(alng->q_aln_str) + 1, data/hinge-0.5.0/src/consensus/draft.cpp:801:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/draft.cpp:828:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/consensus/draft.cpp:834:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_fasta) > 0) { data/hinge-0.5.0/src/consensus/draft.cpp:840:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/consensus/draft.cpp:922:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_paf) > 0) { data/hinge-0.5.0/src/consensus/draft.cpp:1159:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/draft_chopper.cpp:226:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/draft_chopper.cpp:230:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) data/hinge-0.5.0/src/consensus/draft_chopper.cpp:235:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/consensus/draft_chopper.cpp:242:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/draft_chopper.cpp:247:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_fasta) > 0) { data/hinge-0.5.0/src/consensus/draft_chopper.cpp:255:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/consensus/draft_chopper.cpp:260:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_paf) > 0) { data/hinge-0.5.0/src/consensus/draft_chopper.cpp:272:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/consensus/draft_chopper.cpp:865:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (coverages[read]->at(pos) < mincoverage) mincoverage = coverages[read]->at(pos); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:865:93: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (coverages[read]->at(pos) < mincoverage) mincoverage = coverages[read]->at(pos); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:912:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e1 = strlen(bseq); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:914:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e2 = strlen(aseq); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:922:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *q_aln_str = (char *) malloc((5 + strlen(alng->q_aln_str)) * sizeof(char)); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:923:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *t_aln_str = (char *) malloc((5 + strlen(alng->t_aln_str)) * sizeof(char)); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:932:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int pos = 0; pos < strlen(q_aln_str); pos++) q_aln_str[pos] = toupper(q_aln_str[pos]); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:933:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (int pos = 0; pos < strlen(t_aln_str); pos++) t_aln_str[pos] = toupper(t_aln_str[pos]); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:939:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(alng->q_aln_str) + 1, data/hinge-0.5.0/src/consensus/draft_chopper.cpp:962:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("Consensus len :%d\n",strlen(consensus->sequence)); data/hinge-0.5.0/src/consensus/draft_chopper.cpp:1002:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/io_base.cpp:165:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/io_base.cpp:169:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) data/hinge-0.5.0/src/consensus/io_base.cpp:174:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/consensus/io_base.cpp:181:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name_db) > 0) data/hinge-0.5.0/src/consensus/io_base.cpp:186:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_fasta) > 0) { data/hinge-0.5.0/src/consensus/io_base.cpp:194:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/consensus/io_base.cpp:199:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_paf) > 0) { data/hinge-0.5.0/src/consensus/io_base.cpp:211:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/consensus/io_base.cpp:272:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/filter/filter.cpp:213:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_and_las = (strlen(name_db) > 0) and (strlen(name_las_base) > 0); data/hinge-0.5.0/src/filter/filter.cpp:213:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
db_and_las = (strlen(name_db) > 0) and (strlen(name_las_base) > 0); data/hinge-0.5.0/src/filter/filter.cpp:214:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_or_las = (strlen(name_db) > 0) or (strlen(name_las_base) > 0); data/hinge-0.5.0/src/filter/filter.cpp:214:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_or_las = (strlen(name_db) > 0) or (strlen(name_las_base) > 0); data/hinge-0.5.0/src/filter/filter.cpp:215:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_and_paf = (strlen(name_fasta) > 0) and (strlen(name_paf) > 0); data/hinge-0.5.0/src/filter/filter.cpp:215:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_and_paf = (strlen(name_fasta) > 0) and (strlen(name_paf) > 0); data/hinge-0.5.0/src/filter/filter.cpp:216:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_or_paf = (strlen(name_fasta) > 0) or (strlen(name_paf) > 0); data/hinge-0.5.0/src/filter/filter.cpp:216:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_or_paf = (strlen(name_fasta) > 0) or (strlen(name_paf) > 0); data/hinge-0.5.0/src/filter/filter.cpp:236:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (strlen(name_las_base) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:266:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/filter/filter.cpp:284:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/filter/filter.cpp:289:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_fasta) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:302:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:317:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_restrict) > 0){ data/hinge-0.5.0/src/filter/filter.cpp:337:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[0].c_str()) > 0) data/hinge-0.5.0/src/filter/filter.cpp:465:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) data/hinge-0.5.0/src/filter/filter.cpp:467:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if(strlen(name_paf) > 0) data/hinge-0.5.0/src/filter/filter.cpp:479:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:481:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[part].c_str()) > 0) data/hinge-0.5.0/src/filter/filter.cpp:487:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:494:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:499:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_paf) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:1103:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/filter/filter.cpp:1116:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db)>0) data/hinge-0.5.0/src/include/DB.h:398:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int Load_Read(HITS_DB *db, int i, char *read, int ascii); data/hinge-0.5.0/src/include/DB.h:407:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii); data/hinge-0.5.0/src/include/cmdline.h:721:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). actual=read(value); data/hinge-0.5.0/src/include/cmdline.h:767:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual T read(const std::string &s)=0; data/hinge-0.5.0/src/include/cmdline.h:792:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T read(const std::string &s){ data/hinge-0.5.0/src/layout/hinging.cpp:363:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_paf) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:366:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_base) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:384:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mult_las and strlen(name_las_base) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:388:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (strlen(name_las_base) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:415:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:417:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(name_paf) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:425:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_base) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:428:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[part].c_str()) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:437:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_base) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:438:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[part].c_str()) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:443:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[part].c_str()) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:449:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name_paf) > 0){ data/hinge-0.5.0/src/layout/hinging.cpp:504:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_base) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:542:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:572:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:699:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_and_las = (strlen(name_db) > 0) and (strlen(name_las) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:699:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_and_las = (strlen(name_db) > 0) and (strlen(name_las) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:700:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_or_las = (strlen(name_db) > 0) or (strlen(name_las) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:700:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
db_or_las = (strlen(name_db) > 0) or (strlen(name_las) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:701:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_and_paf = (strlen(name_fasta) > 0) and (strlen(name_paf) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:701:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_and_paf = (strlen(name_fasta) > 0) and (strlen(name_paf) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:702:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_or_paf = (strlen(name_fasta) > 0) or (strlen(name_paf) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:702:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_or_paf = (strlen(name_fasta) > 0) or (strlen(name_paf) > 0); data/hinge-0.5.0/src/layout/hinging.cpp:728:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:738:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/layout/hinging.cpp:743:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name_fasta) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:762:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/layout/hinging.cpp:871:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read, rs, re; data/hinge-0.5.0/src/layout/hinging.cpp:873:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (fscanf(mask_file, "%d %d %d", &read, &rs, &re) != EOF) { data/hinge-0.5.0/src/layout/hinging.cpp:874:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reads[read]->effective_start = rs; data/hinge-0.5.0/src/layout/hinging.cpp:875:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reads[read]->effective_end = re; data/hinge-0.5.0/src/layout/hinging.cpp:2155:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/lib/DB.c:162:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/hinge-0.5.0/src/lib/DB.c:163:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/hinge-0.5.0/src/lib/DB.c:182:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(path); data/hinge-0.5.0/src/lib/DB.c:183:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/hinge-0.5.0/src/lib/DB.c:184:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/hinge-0.5.0/src/lib/DB.c:185:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/hinge-0.5.0/src/lib/DB.c:204:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left); data/hinge-0.5.0/src/lib/DB.c:205:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/hinge-0.5.0/src/lib/DB.c:407:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/hinge-0.5.0/src/lib/DB.c:693:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). HITS_READ read; data/hinge-0.5.0/src/lib/DB.c:730:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/hinge-0.5.0/src/lib/DB.c:735:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/hinge-0.5.0/src/lib/DB.c:735:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/hinge-0.5.0/src/lib/DB.c:749:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/hinge-0.5.0/src/lib/DB.c:754:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/hinge-0.5.0/src/lib/DB.c:754:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/hinge-0.5.0/src/lib/DB.c:769:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/hinge-0.5.0/src/lib/DB.c:774:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/hinge-0.5.0/src/lib/DB.c:774:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/hinge-0.5.0/src/lib/DB.c:929:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { HITS_READ read; data/hinge-0.5.0/src/lib/DB.c:932:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/hinge-0.5.0/src/lib/DB.c:937:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
fseeko(quiva,read.coff,SEEK_SET); data/hinge-0.5.0/src/lib/DB.c:1357:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/hinge-0.5.0/src/lib/DB.c:1371:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii) data/hinge-0.5.0/src/lib/DB.c:1395:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/hinge-0.5.0/src/lib/DB.c:1400:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/hinge-0.5.0/src/lib/DB.c:1402:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/hinge-0.5.0/src/lib/DB.c:1403:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/hinge-0.5.0/src/lib/DB.c:1406:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/hinge-0.5.0/src/lib/DB.c:1407:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/hinge-0.5.0/src/lib/DB.c:1410:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/hinge-0.5.0/src/lib/DB.c:1414:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii) data/hinge-0.5.0/src/lib/DB.c:1442:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ if (fread(read,clen,1,bases) != 1) data/hinge-0.5.0/src/lib/DB.c:1447:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(4*clen,read); data/hinge-0.5.0/src/lib/DB.c:1449:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[len] = 4; data/hinge-0.5.0/src/lib/DB.c:1451:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/hinge-0.5.0/src/lib/DB.c:1452:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/hinge-0.5.0/src/lib/DB.c:1455:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/hinge-0.5.0/src/lib/DB.c:1456:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/hinge-0.5.0/src/lib/DB.c:1459:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/hinge-0.5.0/src/lib/DB.c:1461:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/hinge-0.5.0/src/lib/DB.c:1617:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/hinge-0.5.0/src/lib/DB.c:1622:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/hinge-0.5.0/src/lib/DB.c:1646:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
{ strncpy(root,name,rlen); data/hinge-0.5.0/src/lib/DB.c:1650:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(root,name,rlen); data/hinge-0.5.0/src/lib/DB.c:1670:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/hinge-0.5.0/src/lib/LAInterface.cpp:204:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/hinge-0.5.0/src/lib/LAInterface.cpp:257:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db1, i, read, UPPER); data/hinge-0.5.0/src/lib/LAInterface.cpp:275:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (iscase(read[m])) data/hinge-0.5.0/src/lib/LAInterface.cpp:276:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:276:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:307:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/hinge-0.5.0/src/lib/LAInterface.cpp:360:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db2, i, read, UPPER); data/hinge-0.5.0/src/lib/LAInterface.cpp:378:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (iscase(read[m])) data/hinge-0.5.0/src/lib/LAInterface.cpp:379:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:379:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:415:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/hinge-0.5.0/src/lib/LAInterface.cpp:462:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db1, i, read, UPPER); data/hinge-0.5.0/src/lib/LAInterface.cpp:480:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (iscase(read[m])) data/hinge-0.5.0/src/lib/LAInterface.cpp:481:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:481:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:490:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read_bases = std::string(read); data/hinge-0.5.0/src/lib/LAInterface.cpp:509:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/hinge-0.5.0/src/lib/LAInterface.cpp:556:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
Load_Read(db2, i, read, UPPER); data/hinge-0.5.0/src/lib/LAInterface.cpp:574:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (iscase(read[m])) data/hinge-0.5.0/src/lib/LAInterface.cpp:575:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:575:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:584:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read_bases = std::string(read); data/hinge-0.5.0/src/lib/LAInterface.cpp:1204:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/hinge-0.5.0/src/lib/LAInterface.cpp:1250:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db1, i, read, UPPER); data/hinge-0.5.0/src/lib/LAInterface.cpp:1268:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (iscase(read[m])) data/hinge-0.5.0/src/lib/LAInterface.cpp:1269:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:1269:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:1278:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read_bases = std::string(read); data/hinge-0.5.0/src/lib/LAInterface.cpp:1298:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/hinge-0.5.0/src/lib/LAInterface.cpp:1344:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db2, i, read, UPPER); data/hinge-0.5.0/src/lib/LAInterface.cpp:1362:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (iscase(read[m])) data/hinge-0.5.0/src/lib/LAInterface.cpp:1363:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:1363:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/hinge-0.5.0/src/lib/LAInterface.cpp:1372:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read_bases = std::string(read); data/hinge-0.5.0/src/lib/LAInterface.cpp:4816:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(substr, sub1, strlen(sub1) - strlen(sub2)); data/hinge-0.5.0/src/lib/LAInterface.cpp:4816:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(substr, sub1, strlen(sub1) - strlen(sub2)); data/hinge-0.5.0/src/lib/LAInterface.cpp:4816:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(substr, sub1, strlen(sub1) - strlen(sub2)); data/hinge-0.5.0/src/lib/LAInterface.cpp:4817:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substr[strlen(sub1) - strlen(sub2)] = 0; data/hinge-0.5.0/src/lib/LAInterface.cpp:4817:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substr[strlen(sub1) - strlen(sub2)] = 0; data/hinge-0.5.0/src/lib/LAInterface.cpp:4862:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Read *new_r = new Read(num, strlen(seq->seq.s), std::string(seq->name.s), std::string(seq->seq.s)); data/hinge-0.5.0/src/lib/QV.c:423:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen) data/hinge-0.5.0/src/lib/QV.c:465:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/hinge-0.5.0/src/lib/QV.c:485:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar) data/hinge-0.5.0/src/lib/QV.c:514:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (k < rlen && read[k] == rchar) data/hinge-0.5.0/src/lib/QV.c:526:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/hinge-0.5.0/src/lib/QV.c:547:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
static int Decode(HScheme *scheme, FILE *in, char *read, int rlen) data/hinge-0.5.0/src/lib/QV.c:620:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/hinge-0.5.0/src/lib/QV.c:632:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/hinge-0.5.0/src/lib/QV.c:641:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read, data/hinge-0.5.0/src/lib/QV.c:687:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/hinge-0.5.0/src/lib/QV.c:698:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/hinge-0.5.0/src/lib/QV.c:712:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/hinge-0.5.0/src/lib/QV.c:723:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/hinge-0.5.0/src/lib/QV.c:801:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(Read); data/hinge-0.5.0/src/lib/QV.c:813:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen += strlen(Read+rlen); data/hinge-0.5.0/src/lib/QV.c:823:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (rlen != (int) strlen(other)) data/hinge-0.5.0/src/lib/QV.c:1158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(coding->prefix); data/hinge-0.5.0/src/lib/falcon.c:555:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sa_ptr = allocate_seq( (seq_coor_t) strlen( input_seq[0]) ); data/hinge-0.5.0/src/lib/falcon.c:556:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sda_ptr = allocate_seq_addr( (seq_coor_t) strlen( input_seq[0]) ); data/hinge-0.5.0/src/lib/falcon.c:557:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_sequence( 0, K, input_seq[0], strlen(input_seq[0]), sda_ptr, sa_ptr, lk_ptr); data/hinge-0.5.0/src/lib/falcon.c:565:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kmer_match_ptr = find_kmer_pos_for_seq(input_seq[j], strlen(input_seq[j]), K, sda_ptr, lk_ptr); data/hinge-0.5.0/src/lib/falcon.c:614:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). consensus = get_cns_from_align_tags( tags_list, aligned_seq_count, strlen(input_seq[0]), min_cov ); data/hinge-0.5.0/src/lib/falcon.c:661:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
utg_len = strlen(input_seq[0]); data/hinge-0.5.0/src/lib/falcon.c:666:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e1 = strlen(input_seq[0]); data/hinge-0.5.0/src/lib/falcon.c:668:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e2 = strlen(input_seq[0]); data/hinge-0.5.0/src/lib/falcon.c:670:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(input_seq[0]), arange, 0, 0); data/hinge-0.5.0/src/lib/falcon.c:674:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e1 = strlen(input_seq[j])-1; data/hinge-0.5.0/src/lib/falcon.c:676:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arange->e2 = strlen(input_seq[j])-1; data/hinge-0.5.0/src/lib/falcon.c:678:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r_len = strlen(input_seq[j]); data/hinge-0.5.0/src/lib/ini.c:30:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* p = s + strlen(s); data/hinge-0.5.0/src/lib/ini.c:60:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dest, src, size); data/hinge-0.5.0/src/maximal/maximal.cpp:281:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_and_las = (strlen(name_db) > 0) and (strlen(name_las_base) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:281:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_and_las = (strlen(name_db) > 0) and (strlen(name_las_base) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:282:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_or_las = (strlen(name_db) > 0) or (strlen(name_las_base) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:282:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db_or_las = (strlen(name_db) > 0) or (strlen(name_las_base) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:283:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_and_paf = (strlen(name_fasta) > 0) and (strlen(name_paf) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:283:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_and_paf = (strlen(name_fasta) > 0) and (strlen(name_paf) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:284:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fa_or_paf = (strlen(name_fasta) > 0) or (strlen(name_paf) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:284:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fa_or_paf = (strlen(name_fasta) > 0) or (strlen(name_paf) > 0); data/hinge-0.5.0/src/maximal/maximal.cpp:304:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(name_las_base) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:331:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:349:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:354:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_fasta) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:367:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:383:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name_restrict) > 0){ data/hinge-0.5.0/src/maximal/maximal.cpp:403:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[0].c_str()) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:526:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read, rs, re; data/hinge-0.5.0/src/maximal/maximal.cpp:528:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (fscanf(mask_file, "%d %d %d", &read, &rs, &re) != EOF) { data/hinge-0.5.0/src/maximal/maximal.cpp:529:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reads[read]->effective_start = rs; data/hinge-0.5.0/src/maximal/maximal.cpp:530:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reads[read]->effective_end = re; data/hinge-0.5.0/src/maximal/maximal.cpp:551:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:553:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(name_paf) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:572:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(name_las_base)> 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:574:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name_las_list[part].c_str()) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:576:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[part].c_str()) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:581:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las_list[part].c_str()) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:590:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_paf) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:799:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:827:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db) > 0) data/hinge-0.5.0/src/maximal/maximal.cpp:888:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_las) > 0) { data/hinge-0.5.0/src/maximal/maximal.cpp:898:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_db)>0) data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp:92:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(seq), data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp:114:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seq_coor_t aln_str_size = strlen(q_aln_str); data/hinge-0.5.0/src/test/LAInterface_consensus_test.cpp:136:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). consensus = get_cns_from_align_tags( tags_list, seq_count+1, strlen(seq), 6 );

ANALYSIS SUMMARY:

Hits = 360
Lines analyzed = 25329 in approximately 0.78 seconds (32429 lines/second)
Physical Source Lines of Code (SLOC) = 18451
Hits@level = [0] 490 [1] 254 [2] 59 [3] 4 [4] 43 [5] 0
Hits@level+ = [0+] 850 [1+] 360 [2+] 106 [3+] 47 [4+] 43 [5+] 0
Hits/KSLOC@level+ = [0+] 46.068 [1+] 19.5111 [2+] 5.74495 [3+] 2.54729 [4+] 2.3305 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.