Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/htscodecs-0.5/htscodecs/arith_dynamic.c
Examining data/htscodecs-0.5/htscodecs/arith_dynamic.h
Examining data/htscodecs-0.5/htscodecs/c_range_coder.h
Examining data/htscodecs-0.5/htscodecs/c_simple_model.h
Examining data/htscodecs-0.5/htscodecs/fqzcomp_qual.c
Examining data/htscodecs-0.5/htscodecs/fqzcomp_qual.h
Examining data/htscodecs-0.5/htscodecs/pack.c
Examining data/htscodecs-0.5/htscodecs/pack.h
Examining data/htscodecs-0.5/htscodecs/pooled_alloc.h
Examining data/htscodecs-0.5/htscodecs/rANS_byte.h
Examining data/htscodecs-0.5/htscodecs/rANS_static.c
Examining data/htscodecs-0.5/htscodecs/rANS_static.h
Examining data/htscodecs-0.5/htscodecs/rANS_static4x16.h
Examining data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c
Examining data/htscodecs-0.5/htscodecs/rle.c
Examining data/htscodecs-0.5/htscodecs/rle.h
Examining data/htscodecs-0.5/htscodecs/tokenise_name3.h
Examining data/htscodecs-0.5/htscodecs/varint.h
Examining data/htscodecs-0.5/htscodecs/varint2.h
Examining data/htscodecs-0.5/htscodecs/htscodecs_endian.h
Examining data/htscodecs-0.5/htscodecs/rANS_word.h
Examining data/htscodecs-0.5/htscodecs/tokenise_name3.c
Examining data/htscodecs-0.5/tests/arith_dynamic_fuzz.c
Examining data/htscodecs-0.5/tests/arith_dynamic_test.c
Examining data/htscodecs-0.5/tests/fqzcomp_qual_fuzz.c
Examining data/htscodecs-0.5/tests/fqzcomp_qual_test.c
Examining data/htscodecs-0.5/tests/rANS_static4x16pr_fuzz.c
Examining data/htscodecs-0.5/tests/rANS_static4x16pr_test.c
Examining data/htscodecs-0.5/tests/rANS_static_fuzz.c
Examining data/htscodecs-0.5/tests/rANS_static_test.c
Examining data/htscodecs-0.5/tests/tokenise_name3_fuzz.c
Examining data/htscodecs-0.5/tests/tokenise_name3_test.c

FINAL RESULTS:

data/htscodecs-0.5/htscodecs/tokenise_name3.c:1030:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, ctx->lc[pnum].last_name);
data/htscodecs-0.5/tests/arith_dynamic_test.c:64:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "o:dtr")) != -1) {
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:300:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "ds:s:b:r")) != -1) {
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:63:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "o:dtr")) != -1) {
data/htscodecs-0.5/tests/rANS_static_test.c:76:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "o:dtr")) != -1) {
data/htscodecs-0.5/htscodecs/arith_dynamic.c:635:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/arith_dynamic.c:842:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/arith_dynamic.c:863:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/arith_dynamic.c:863:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/arith_dynamic.c:1092:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp1, in, tmp1_size);
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:105:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[2048];
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char R[1024];
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:417:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *in, size_t in_size,
data/htscodecs-0.5/htscodecs/fqzcomp_qual.c:1410:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uncomp+i, uncomp+i-len, len);
data/htscodecs-0.5/htscodecs/fqzcomp_qual.h:175:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *in, size_t in_size,
data/htscodecs-0.5/htscodecs/pack.c:79:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, data, len);
data/htscodecs-0.5/htscodecs/pack.c:216:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, data, len);
data/htscodecs-0.5/htscodecs/pack.c:242:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&out[i], &map[data[j++]].w, 8);
data/htscodecs-0.5/htscodecs/pack.c:283:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&out[i], &w, 16);
data/htscodecs-0.5/htscodecs/pack.c:287:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&out[i], &map[data[j++]].w, 4);
data/htscodecs-0.5/htscodecs/pack.c:322:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&out[i], &w, 4);
data/htscodecs-0.5/htscodecs/pack.c:328:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&out[i], &map[data[j++]].w, 2);
data/htscodecs-0.5/htscodecs/pack.c:356:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, data, len);
data/htscodecs-0.5/htscodecs/rANS_static.c:83:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void hist8(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static.c:241:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char R[TOTFREQ];
data/htscodecs-0.5/htscodecs/rANS_static.c:385:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void hist1_4(unsigned char *in, unsigned int in_size,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:103:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void hist1(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:128:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void hist8(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:149:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void present8(unsigned char *in, unsigned int in_size, int F0[256]) {
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:555:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char R[TOTFREQ];
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:677:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void hist1_1(unsigned char *in, unsigned int in_size,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:690:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void hist1_4(unsigned char *in, unsigned int in_size,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:890:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, c_freq, c_freq_sz);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1336:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1398:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(meta+1, rle_syms, rle_nsyms);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1420:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out+c_meta_len+sz+sz2, meta, rmeta_len);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1449:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out+c_meta_len, in, in_size);
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1470:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1470:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void unstripe(unsigned char *out, unsigned char *outN,
data/htscodecs-0.5/htscodecs/rANS_static4x16pr.c:1742:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp1, in, tmp1_size);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:437:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->desc[id].buf[ctx->desc[id].buf_l], str, len);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:555:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[100], *cp;
data/htscodecs-0.5/htscodecs/tokenise_name3.c:741:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->lc[cnum].last_token_type, ctx->lc[pnum].last_token_type, nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:742:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->lc[cnum].last_token_int , ctx->lc[pnum].last_token_int , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:743:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->lc[cnum].last_token_str , ctx->lc[pnum].last_token_str , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1035:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->lc[cnum].last_token_type, ctx->lc[pnum].last_token_type, nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1036:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->lc[cnum].last_token_int , ctx->lc[pnum].last_token_int , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1037:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->lc[cnum].last_token_str , ctx->lc[pnum].last_token_str , nc * sizeof(int));
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1128:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&name[len],
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1369:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1371:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "_tok.%02d_%02d.%d", i>>4,i&15,i);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1372:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(fn, "w");
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1469:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "_tok.%02d_%02d.%d.comp", i>>4,i&15,i);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1470:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(fn, "w");
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1513:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cp, ctx->desc[i].buf, ctx->desc[i].buf_l);
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1587:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->desc[i].buf, ctx->desc[j].buf, ctx->desc[i].buf_a);
data/htscodecs-0.5/tests/arith_dynamic_fuzz.c:34:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/arith_dynamic_test.c:21:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char in_buf[BLK_SIZE2+257*257*3];
data/htscodecs-0.5/tests/arith_dynamic_test.c:70:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  order += atoi(optend+1)<<8;
data/htscodecs-0.5/tests/arith_dynamic_test.c:91:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(infp = fopen(argv[optind], "rb"))) {
data/htscodecs-0.5/tests/arith_dynamic_test.c:99:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(outfp = fopen(argv[optind], "wb"))) {
data/htscodecs-0.5/tests/arith_dynamic_test.c:124:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b[nb].blk, in_buf, len);
data/htscodecs-0.5/tests/fqzcomp_qual_fuzz.c:39:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:200:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(fn, O_RDONLY | _O_BINARY);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:255:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rec_r2[rec] = atoi((char *)&in[i]);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:267:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rec_sel[rec] = atoi((char *)&in[i]);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:307:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  blk_size = atoi(optarg);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:313:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  strat = atoi(optarg);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:375:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq[MAX_SEQ];
data/htscodecs-0.5/tests/rANS_static4x16pr_fuzz.c:57:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:20:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char in_buf[BLK_SIZE2+257*257*3];
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:69:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  order += atoi(optend+1)<<8;
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:88:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(infp = fopen(argv[optind], "rb"))) {
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:96:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(outfp = fopen(argv[optind], "wb"))) {
data/htscodecs-0.5/tests/rANS_static4x16pr_test.c:135:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b[nb].blk, in_buf, len);
data/htscodecs-0.5/tests/rANS_static_fuzz.c:57:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/rANS_static_test.c:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char in_buf[BLK_SIZE2+257*257*3];
data/htscodecs-0.5/tests/rANS_static_test.c:79:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  order = atoi(optarg);
data/htscodecs-0.5/tests/rANS_static_test.c:99:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(infp = fopen(argv[optind], "rb"))) {
data/htscodecs-0.5/tests/rANS_static_test.c:107:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(outfp = fopen(argv[optind], "wb"))) {
data/htscodecs-0.5/tests/rANS_static_test.c:130:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b[nb].blk, in_buf, len);
data/htscodecs-0.5/tests/tokenise_name3_fuzz.c:37:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(fn, O_RDONLY);
data/htscodecs-0.5/tests/tokenise_name3_test.c:58:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char blk[BLK_SIZE*2]; // temporary fix for decoder, which needs more space
data/htscodecs-0.5/tests/tokenise_name3_test.c:100:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi(argv[1]+1);
data/htscodecs-0.5/tests/tokenise_name3_test.c:114:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");
data/htscodecs-0.5/htscodecs/tokenise_name3.c:735:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (exact && len == strlen(ctx->lc[pnum].last_name)) {
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1029:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ctx->lc[pnum].last_name) +1 >= name_len) return -1;
data/htscodecs-0.5/htscodecs/tokenise_name3.c:1039:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(name)+1;
data/htscodecs-0.5/tests/arith_dynamic_fuzz.c:42:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/fqzcomp_qual_fuzz.c:51:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/fqzcomp_qual_test.c:212:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/rANS_static4x16pr_fuzz.c:65:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/rANS_static_fuzz.c:65:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(fd, data + dcurr, BS);
data/htscodecs-0.5/tests/rANS_static_test.c:210:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  order = fgetc(infp);
data/htscodecs-0.5/tests/tokenise_name3_fuzz.c:45:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(fd, data + dcurr, BS);

ANALYSIS SUMMARY:

Hits = 96
Lines analyzed = 12188 in approximately 0.43 seconds (28152 lines/second)
Physical Source Lines of Code (SLOC) = 7999
Hits@level = [0]  90 [1]  10 [2]  81 [3]   4 [4]   1 [5]   0
Hits@level+ = [0+] 186 [1+]  96 [2+]  86 [3+]   5 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 23.2529 [1+] 12.0015 [2+] 10.7513 [3+] 0.625078 [4+] 0.125016 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.