Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/htscodecs-0.5/htscodecs/arith_dynamic.c
Examining data/htscodecs-0.5/htscodecs/arith_dynamic.h
Examining data/htscodecs-0.5/htscodecs/c_range_coder.h
Examining data/htscodecs-0.5/htscodecs/c_simple_model.h
Examining data/htscodecs-0.5/htscodecs/fqzcomp_qual.c
Examining data/htscodecs-0.5/htscodecs/fqzcomp_qual.h
Examining data/htscodecs-0.5/htscodecs/pack.c
Examining data/htscodecs-0.5/htscodecs/pack.h
Examining data/htscodecs-0.5/htscodecs/pooled_alloc.h
Examining data/htscodecs-0.5/htscodecs/rANS_byte.h
Examining data/htscodecs-0.5/htscodecs/rANS_static.c
Examining data/htscodecs-0.5/htscodecs/rANS_static.h
Examining data/htscodecs-0.5/htscodecs/rANS_static4x16.h
Examining data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c
Examining data/htscodecs-0.5/htscodecs/rle.c
Examining data/htscodecs-0.5/htscodecs/rle.h
Examining data/htscodecs-0.5/htscodecs/tokenise_name3.h
Examining data/htscodecs-0.5/htscodecs/varint.h
Examining data/htscodecs-0.5/htscodecs/varint2.h
Examining data/htscodecs-0.5/htscodecs/htscodecs_endian.h
Examining data/htscodecs-0.5/htscodecs/rANS_word.h
Examining data/htscodecs-0.5/htscodecs/tokenise_name3.c
Examining data/htscodecs-0.5/tests/arith_dynamic_fuzz.c
Examining data/htscodecs-0.5/tests/arith_dynamic_test.c
Examining data/htscodecs-0.5/tests/fqzcomp_qual_fuzz.c
Examining data/htscodecs-0.5/tests/fqzcomp_qual_test.c
Examining data/htscodecs-0.5/tests/rANS_static4x16pr_fuzz.c
Examining data/htscodecs-0.5/tests/rANS_static4x16pr_test.c
Examining data/htscodecs-0.5/tests/rANS_static_fuzz.c
Examining data/htscodecs-0.5/tests/rANS_static_test.c
Examining data/htscodecs-0.5/tests/tokenise_name3_fuzz.c
Examining data/htscodecs-0.5/tests/tokenise_name3_test.c
FINAL RESULTS:
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1030:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ctx->lc[pnum].last_name);
data/htscodecs-0.5/tests/arith_dynamic_test.c:64:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "o:dtr")) != -1) {
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:300:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "ds:s:b:r")) != -1) {
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:63:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "o:dtr")) != -1) {
data/htscodecs-0.5/tests/rANS_static_test.c:76:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "o:dtr")) != -1) {
data/htscodecs-0.5/htscodecs/arith_dynamic.c:635:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/arith_dynamic.c:842:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/arith_dynamic.c:863:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/arith_dynamic.c:863:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/arith_dynamic.c:1092:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1, in, tmp1_size);
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[2048];
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:149:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char R[1024];
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:417:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *in, size_t in_size,
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:1410:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uncomp+i, uncomp+i-len, len);
data/htscodecs-0.5/htscodecs/fqzcomp_qual.h:175:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *in, size_t in_size,
data/htscodecs-0.5/htscodecs/pack.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data, len);
data/htscodecs-0.5/htscodecs/pack.c:216:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data, len);
data/htscodecs-0.5/htscodecs/pack.c:242:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[i], &map[data[j++]].w, 8);
data/htscodecs-0.5/htscodecs/pack.c:283:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[i], &w, 16);
data/htscodecs-0.5/htscodecs/pack.c:287:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[i], &map[data[j++]].w, 4);
data/htscodecs-0.5/htscodecs/pack.c:322:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[i], &w, 4);
data/htscodecs-0.5/htscodecs/pack.c:328:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[i], &map[data[j++]].w, 2);
data/htscodecs-0.5/htscodecs/pack.c:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data, len);
data/htscodecs-0.5/htscodecs/rANS_static.c:83:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist8(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static.c:241:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char R[TOTFREQ];
data/htscodecs-0.5/htscodecs/rANS_static.c:385:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist1_4(unsigned char *in, unsigned int in_size,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:103:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist1(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:128:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist8(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:149:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void present8(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:555:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char R[TOTFREQ];
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:677:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist1_1(unsigned char *in, unsigned int in_size,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:690:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist1_4(unsigned char *in, unsigned int in_size,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:890:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, c_freq, c_freq_sz);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1336:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1398:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta+1, rle_syms, rle_nsyms);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1420:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+c_meta_len+sz+sz2, meta, rmeta_len);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1470:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1470:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1742:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1, in, tmp1_size);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:437:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->desc[id].buf[ctx->desc[id].buf_l], str, len);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[100], *cp;
data/htscodecs-0.5/htscodecs/tokenise_name3.c:741:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->lc[cnum].last_token_type, ctx->lc[pnum].last_token_type, nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:742:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->lc[cnum].last_token_int , ctx->lc[pnum].last_token_int , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:743:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->lc[cnum].last_token_str , ctx->lc[pnum].last_token_str , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1035:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->lc[cnum].last_token_type, ctx->lc[pnum].last_token_type, nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1036:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->lc[cnum].last_token_int , ctx->lc[pnum].last_token_int , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1037:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->lc[cnum].last_token_str , ctx->lc[pnum].last_token_str , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&name[len],
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1371:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "_tok.%02d_%02d.%d", i>>4,i&15,i);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1372:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fn, "w");
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1469:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "_tok.%02d_%02d.%d.comp", i>>4,i&15,i);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1470:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fn, "w");
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1513:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, ctx->desc[i].buf, ctx->desc[i].buf_l);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1587:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->desc[i].buf, ctx->desc[j].buf, ctx->desc[i].buf_a);
data/htscodecs-0.5/tests/arith_dynamic_fuzz.c:34:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/arith_dynamic_test.c:21:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char in_buf[BLK_SIZE2+257*257*3];
data/htscodecs-0.5/tests/arith_dynamic_test.c:70:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order += atoi(optend+1)<<8;
data/htscodecs-0.5/tests/arith_dynamic_test.c:91:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(infp = fopen(argv[optind], "rb"))) {
data/htscodecs-0.5/tests/arith_dynamic_test.c:99:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outfp = fopen(argv[optind], "wb"))) {
data/htscodecs-0.5/tests/arith_dynamic_test.c:124:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b[nb].blk, in_buf, len);
data/htscodecs-0.5/tests/fqzcomp_qual_fuzz.c:39:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:200:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY | _O_BINARY);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:255:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec_r2[rec] = atoi((char *)&in[i]);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:267:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec_sel[rec] = atoi((char *)&in[i]);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:307:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blk_size = atoi(optarg);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:313:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strat = atoi(optarg);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAX_SEQ];
data/htscodecs-0.5/tests/rANS_static4x16pr_fuzz.c:57:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:20:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char in_buf[BLK_SIZE2+257*257*3];
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:69:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order += atoi(optend+1)<<8;
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:88:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(infp = fopen(argv[optind], "rb"))) {
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:96:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outfp = fopen(argv[optind], "wb"))) {
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b[nb].blk, in_buf, len);
data/htscodecs-0.5/tests/rANS_static_fuzz.c:57:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/rANS_static_test.c:62:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in_buf[BLK_SIZE2+257*257*3];
data/htscodecs-0.5/tests/rANS_static_test.c:79:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/htscodecs-0.5/tests/rANS_static_test.c:99:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(infp = fopen(argv[optind], "rb"))) {
data/htscodecs-0.5/tests/rANS_static_test.c:107:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outfp = fopen(argv[optind], "wb"))) {
data/htscodecs-0.5/tests/rANS_static_test.c:130:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b[nb].blk, in_buf, len);
data/htscodecs-0.5/tests/tokenise_name3_fuzz.c:37:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/tokenise_name3_test.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char blk[BLK_SIZE*2]; // temporary fix for decoder, which needs more space
data/htscodecs-0.5/tests/tokenise_name3_test.c:100:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(argv[1]+1);
data/htscodecs-0.5/tests/tokenise_name3_test.c:114:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/htscodecs-0.5/htscodecs/tokenise_name3.c:735:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exact && len == strlen(ctx->lc[pnum].last_name)) {
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1029:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctx->lc[pnum].last_name) +1 >= name_len) return -1;
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1039:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(name)+1;
data/htscodecs-0.5/tests/arith_dynamic_fuzz.c:42:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/fqzcomp_qual_fuzz.c:51:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:212:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/rANS_static4x16pr_fuzz.c:65:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/rANS_static_fuzz.c:65:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/rANS_static_test.c:210:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
order = fgetc(infp);
data/htscodecs-0.5/tests/tokenise_name3_fuzz.c:45:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, BS);
ANALYSIS SUMMARY:
Hits = 96
Lines analyzed = 12188 in approximately 0.43 seconds (28152 lines/second)
Physical Source Lines of Code (SLOC) = 7999
Hits@level = [0] 90 [1] 10 [2] 81 [3] 4 [4] 1 [5] 0
Hits@level+ = [0+] 186 [1+] 96 [2+] 86 [3+] 5 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 23.2529 [1+] 12.0015 [2+] 10.7513 [3+] 0.625078 [4+] 0.125016 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.