Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kmer-0~20150903+r2013/sim4db/sim4th.C Examining data/kmer-0~20150903+r2013/libutil/readBuffer.H Examining data/kmer-0~20150903+r2013/libutil/bitPackedArray.H Examining data/kmer-0~20150903+r2013/libutil/bzipBuffer.C Examining data/kmer-0~20150903+r2013/libutil/unaryEncodingTester.C Examining data/kmer-0~20150903+r2013/libutil/readBuffer.C Examining data/kmer-0~20150903+r2013/libutil/file.c Examining data/kmer-0~20150903+r2013/libutil/fibonacciEncoding.h Examining data/kmer-0~20150903+r2013/libutil/test/test-md5.c Examining data/kmer-0~20150903+r2013/libutil/test/tcat.C Examining data/kmer-0~20150903+r2013/libutil/test/order.C Examining data/kmer-0~20150903+r2013/libutil/test/test-logMsg.C Examining data/kmer-0~20150903+r2013/libutil/test/test-bitPackedArray.C Examining data/kmer-0~20150903+r2013/libutil/test/test-freeDiskSpace.c Examining data/kmer-0~20150903+r2013/libutil/test/test-types.c Examining data/kmer-0~20150903+r2013/libutil/test/test-readBuffer.C Examining data/kmer-0~20150903+r2013/libutil/test/test-mmap.c Examining data/kmer-0~20150903+r2013/libutil/test/test-bzipBuffer.C Examining data/kmer-0~20150903+r2013/libutil/test/test-palloc.c Examining data/kmer-0~20150903+r2013/libutil/test/endianess.c Examining data/kmer-0~20150903+r2013/libutil/test/test-intervalList.C Examining data/kmer-0~20150903+r2013/libutil/test/atomic.C Examining data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C Examining data/kmer-0~20150903+r2013/libutil/test/test-bigQueue.C Examining data/kmer-0~20150903+r2013/libutil/test/test-bitPackedFile.C Examining data/kmer-0~20150903+r2013/libutil/test/test-bitPacking.C Examining data/kmer-0~20150903+r2013/libutil/bzipBuffer.H Examining data/kmer-0~20150903+r2013/libutil/uint32List.H Examining data/kmer-0~20150903+r2013/libutil/util++.H Examining data/kmer-0~20150903+r2013/libutil/bitPackedArray.C Examining data/kmer-0~20150903+r2013/libutil/bigQueue.C Examining data/kmer-0~20150903+r2013/libutil/speedCounter.H Examining data/kmer-0~20150903+r2013/libutil/fibonacciNumbers.C Examining data/kmer-0~20150903+r2013/libutil/sweatShop.C Examining data/kmer-0~20150903+r2013/libutil/recordFile.H Examining data/kmer-0~20150903+r2013/libutil/eliasGammaEncoding.h Examining data/kmer-0~20150903+r2013/libutil/recordFile.C Examining data/kmer-0~20150903+r2013/libutil/sweatShop.H Examining data/kmer-0~20150903+r2013/libutil/speedCounter.C Examining data/kmer-0~20150903+r2013/libutil/md5.c Examining data/kmer-0~20150903+r2013/libutil/splitToWords.H Examining data/kmer-0~20150903+r2013/libutil/qsort_mt.c Examining data/kmer-0~20150903+r2013/libutil/bitOperations.h Examining data/kmer-0~20150903+r2013/libutil/logMsg.H Examining data/kmer-0~20150903+r2013/libutil/kazlib/dict.h Examining data/kmer-0~20150903+r2013/libutil/kazlib/dict.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/sfx.h Examining data/kmer-0~20150903+r2013/libutil/kazlib/list.h Examining data/kmer-0~20150903+r2013/libutil/kazlib/except.h Examining data/kmer-0~20150903+r2013/libutil/kazlib/drivers/list-main.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/drivers/sfx-main.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/drivers/hash-main.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/drivers/except-main.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/hash.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/list.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/sfx.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/except.c Examining data/kmer-0~20150903+r2013/libutil/kazlib/hash.h Examining data/kmer-0~20150903+r2013/libutil/generalizedUnaryEncoding.h Examining data/kmer-0~20150903+r2013/libutil/bitPacking.h Examining data/kmer-0~20150903+r2013/libutil/eliasDeltaEncoding.h Examining data/kmer-0~20150903+r2013/libutil/endianess.H Examining data/kmer-0~20150903+r2013/libutil/bitPackedFile.H Examining data/kmer-0~20150903+r2013/libutil/util.h Examining data/kmer-0~20150903+r2013/libutil/unaryEncoding.h Examining data/kmer-0~20150903+r2013/libutil/bigQueue.H Examining data/kmer-0~20150903+r2013/libutil/mt19937ar/mt19937ar.h Examining data/kmer-0~20150903+r2013/libutil/mt19937ar/tt800.c Examining data/kmer-0~20150903+r2013/libutil/mt19937ar/mt19937ar.c Examining data/kmer-0~20150903+r2013/libutil/mt19937ar/mt19937ar-test.c Examining data/kmer-0~20150903+r2013/libutil/util.c Examining data/kmer-0~20150903+r2013/libutil/intervalList.H Examining data/kmer-0~20150903+r2013/libutil/bitPackedFile.C Examining data/kmer-0~20150903+r2013/libutil/palloc.c Examining data/kmer-0~20150903+r2013/libseq/sffFile.H Examining data/kmer-0~20150903+r2013/libseq/fastqFile.C Examining data/kmer-0~20150903+r2013/libseq/test/test-merstream-speed.C Examining data/kmer-0~20150903+r2013/libseq/seqStream.H Examining data/kmer-0~20150903+r2013/libseq/fastqStdin.H Examining data/kmer-0~20150903+r2013/libseq/selftest.C Examining data/kmer-0~20150903+r2013/libseq/merStream.C Examining data/kmer-0~20150903+r2013/libseq/test-merStream.C Examining data/kmer-0~20150903+r2013/libseq/merStream.H Examining data/kmer-0~20150903+r2013/libseq/seqCache.C Examining data/kmer-0~20150903+r2013/libseq/seqFactory.C Examining data/kmer-0~20150903+r2013/libseq/seqStore.C Examining data/kmer-0~20150903+r2013/libseq/fastqStdin.C Examining data/kmer-0~20150903+r2013/libseq/test-correctSequence.H Examining data/kmer-0~20150903+r2013/libseq/fastaStdin.C Examining data/kmer-0~20150903+r2013/libseq/fastqFile.H Examining data/kmer-0~20150903+r2013/libseq/seqStore.H Examining data/kmer-0~20150903+r2013/libseq/fastaFile.H Examining data/kmer-0~20150903+r2013/libseq/sffFile.C Examining data/kmer-0~20150903+r2013/libseq/fastaFile.C Examining data/kmer-0~20150903+r2013/libseq/seqStream.C Examining data/kmer-0~20150903+r2013/libseq/seqFile.H Examining data/kmer-0~20150903+r2013/libseq/test-seqStream.C Examining data/kmer-0~20150903+r2013/libseq/test-seqCache.C Examining data/kmer-0~20150903+r2013/libseq/seqCache.H Examining data/kmer-0~20150903+r2013/libseq/seqFactory.H Examining data/kmer-0~20150903+r2013/libseq/fastaStdin.H Examining data/kmer-0~20150903+r2013/seagen/thr-loader.C Examining data/kmer-0~20150903+r2013/seagen/thr-output.C Examining data/kmer-0~20150903+r2013/seagen/filterEST.C Examining data/kmer-0~20150903+r2013/seagen/aHit.C Examining data/kmer-0~20150903+r2013/seagen/test/encodedQueryTest.C Examining data/kmer-0~20150903+r2013/seagen/test/intervalList-test.C Examining data/kmer-0~20150903+r2013/seagen/misc/f.C Examining data/kmer-0~20150903+r2013/seagen/misc/dumpCrapSeqs.C Examining data/kmer-0~20150903+r2013/seagen/misc/h.C Examining data/kmer-0~20150903+r2013/seagen/searcherState.H Examining data/kmer-0~20150903+r2013/seagen/configuration.C Examining data/kmer-0~20150903+r2013/seagen/hitMatrix.C Examining data/kmer-0~20150903+r2013/seagen/searchGENOME.H Examining data/kmer-0~20150903+r2013/seagen/searchGENOME.C Examining data/kmer-0~20150903+r2013/seagen/encodedQuery.H Examining data/kmer-0~20150903+r2013/seagen/hitReader.C Examining data/kmer-0~20150903+r2013/seagen/hitMatrix.H Examining data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C Examining data/kmer-0~20150903+r2013/seagen/sortHits.C Examining data/kmer-0~20150903+r2013/seagen/filtertest.C Examining data/kmer-0~20150903+r2013/seagen/aHit.H Examining data/kmer-0~20150903+r2013/seagen/filterESTsimple.C Examining data/kmer-0~20150903+r2013/seagen/posix.H Examining data/kmer-0~20150903+r2013/seagen/configuration.H Examining data/kmer-0~20150903+r2013/seagen/hitMatrix-sort.C Examining data/kmer-0~20150903+r2013/seagen/thr-deadlock.C Examining data/kmer-0~20150903+r2013/seagen/hitConverter.C Examining data/kmer-0~20150903+r2013/seagen/hitReader.H Examining data/kmer-0~20150903+r2013/seagen/filterNULL.C Examining data/kmer-0~20150903+r2013/seagen/encodedQuery.C Examining data/kmer-0~20150903+r2013/seagen/thr-search.C Examining data/kmer-0~20150903+r2013/seagen/filterMRNA.C Examining data/kmer-0~20150903+r2013/trie/trie.C Examining data/kmer-0~20150903+r2013/atac-driver/mismatchCounter/mismatchCounter.C Examining data/kmer-0~20150903+r2013/atac-driver/lengthFilter/lengthFilter.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/testAtac.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/projectFeatures.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/coalesceMatches.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractUnmapped.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/alignUnmapped.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/cleanAtac.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractSequence.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/correctGaps.C Examining data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeatureList.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchList.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/fasta-accessor.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeatureList.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/fasta-accessor-test.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchOrder.H Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchOrder.C Examining data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchList.C Examining data/kmer-0~20150903+r2013/atac-driver/matchExtender/match.H Examining data/kmer-0~20150903+r2013/atac-driver/matchExtender/matchExtender-func.C Examining data/kmer-0~20150903+r2013/atac-driver/matchExtender/matchExtender.C Examining data/kmer-0~20150903+r2013/atac-driver/matchExtender/matchExtender-dump.C Examining data/kmer-0~20150903+r2013/atac-driver/uniqueFilter/uniqueFilter.C Examining data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_local.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_dpaligner.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_local.H Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_overlap.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/localAlignerInterfacemodule.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halign.H Examining data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halign.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halignDriver.C Examining data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halignmodule.C Examining data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C Examining data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-process.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-printAnno.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-find.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-sort.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-annoList.H Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-matchTree.C Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-span.H Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-spanTree.H Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.H Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-stats.H Examining data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-matchTree.H Examining data/kmer-0~20150903+r2013/libsim4/sim4.H Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-exons.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-updatescores.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishReader.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishList.H Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-deleteexon.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.H Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish.H Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-compare.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.H Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishReader.H Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishList.C Examining data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites_acceptor.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1-3.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1-1.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/poly.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/pluri_align.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/mspManager.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4command.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites_donor.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/exon_cores.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4command.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/greedy.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1-2.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/mspManager.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4string.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/splice.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites_donor.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1-4.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4defines.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/util.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/table.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites_score.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/extend.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/exon.H Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites_acceptor.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/align.C Examining data/kmer-0~20150903+r2013/libsim4/sim4core/sites_score.C Examining data/kmer-0~20150903+r2013/leaff/gc.C Examining data/kmer-0~20150903+r2013/leaff/stats.C Examining data/kmer-0~20150903+r2013/leaff/blocks.C Examining data/kmer-0~20150903+r2013/leaff/simseq.C Examining data/kmer-0~20150903+r2013/leaff/dups.C Examining data/kmer-0~20150903+r2013/leaff/fragmenter.C Examining data/kmer-0~20150903+r2013/leaff/partition.C Examining data/kmer-0~20150903+r2013/leaff/leaff.C Examining data/kmer-0~20150903+r2013/meryl/merge.listmerge.C Examining data/kmer-0~20150903+r2013/meryl/meryl.H Examining data/kmer-0~20150903+r2013/meryl/maskMers.C Examining data/kmer-0~20150903+r2013/meryl/test/stupidcount.C Examining data/kmer-0~20150903+r2013/meryl/test/kmerlite.H Examining data/kmer-0~20150903+r2013/meryl/test/exhaustive.C Examining data/kmer-0~20150903+r2013/meryl/build.C Examining data/kmer-0~20150903+r2013/meryl/mapMers-depth.C Examining data/kmer-0~20150903+r2013/meryl/mervin.C Examining data/kmer-0~20150903+r2013/meryl/simple.C Examining data/kmer-0~20150903+r2013/meryl/kmer-mask.C Examining data/kmer-0~20150903+r2013/meryl/meryl.C Examining data/kmer-0~20150903+r2013/meryl/estimate.C Examining data/kmer-0~20150903+r2013/meryl/mapMers.C Examining data/kmer-0~20150903+r2013/meryl/compare-counts.C Examining data/kmer-0~20150903+r2013/meryl/binaryOp.C Examining data/kmer-0~20150903+r2013/meryl/dump.C Examining data/kmer-0~20150903+r2013/meryl/args.C Examining data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C Examining data/kmer-0~20150903+r2013/meryl/merge.qsort.C Examining data/kmer-0~20150903+r2013/meryl/unaryOp.C Examining data/kmer-0~20150903+r2013/meryl/build-threads.C Examining data/kmer-0~20150903+r2013/meryl/merge.C Examining data/kmer-0~20150903+r2013/libbio/alphabet-acgtspace.c Examining data/kmer-0~20150903+r2013/libbio/reversecomplement.c Examining data/kmer-0~20150903+r2013/libbio/merCovering.H Examining data/kmer-0~20150903+r2013/libbio/test/test-setbits.C Examining data/kmer-0~20150903+r2013/libbio/test/halign-test.C Examining data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C Examining data/kmer-0~20150903+r2013/libbio/halign.c Examining data/kmer-0~20150903+r2013/libbio/kmer.H Examining data/kmer-0~20150903+r2013/libbio/kmertiny.H Examining data/kmer-0~20150903+r2013/libbio/alphabet.c Examining data/kmer-0~20150903+r2013/libbio/mers.h Examining data/kmer-0~20150903+r2013/libbio/merList.H Examining data/kmer-0~20150903+r2013/libbio/bio.h Examining data/kmer-0~20150903+r2013/libbio/kmerhuge.H Examining data/kmer-0~20150903+r2013/libbio/alphabet-generate.c Examining data/kmer-0~20150903+r2013/libbio/alphabet.h Examining data/kmer-0~20150903+r2013/libbio/alphabet-colorspace.c Examining data/kmer-0~20150903+r2013/libbio/kmeriface.H Examining data/kmer-0~20150903+r2013/libbio/kmer.C Examining data/kmer-0~20150903+r2013/libbio/bio++.H Examining data/kmer-0~20150903+r2013/seatac/thr-loader.C Examining data/kmer-0~20150903+r2013/seatac/filter-nop.C Examining data/kmer-0~20150903+r2013/seatac/configuration.C Examining data/kmer-0~20150903+r2013/seatac/hitMatrix.C Examining data/kmer-0~20150903+r2013/seatac/filterObj.H Examining data/kmer-0~20150903+r2013/seatac/hitMatrix.H Examining data/kmer-0~20150903+r2013/seatac/statObj.H Examining data/kmer-0~20150903+r2013/seatac/seatac.H Examining data/kmer-0~20150903+r2013/seatac/filter-heavychains.C Examining data/kmer-0~20150903+r2013/seatac/posix.H Examining data/kmer-0~20150903+r2013/seatac/seatac.C Examining data/kmer-0~20150903+r2013/seatac/hitMatrix-sort.C Examining data/kmer-0~20150903+r2013/seatac/heavychains.H Examining data/kmer-0~20150903+r2013/seatac/thr-deadlock.C Examining data/kmer-0~20150903+r2013/seatac/encodedQuery.C Examining data/kmer-0~20150903+r2013/seatac/heavychains.C Examining data/kmer-0~20150903+r2013/seatac/thr-search.C Examining data/kmer-0~20150903+r2013/seatac/heavychains-driver.C Examining data/kmer-0~20150903+r2013/seatac/sharedObj.H Examining data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish.C Examining data/kmer-0~20150903+r2013/sim4dbutils/summarizePolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/uniqPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C Examining data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C Examining data/kmer-0~20150903+r2013/sim4dbutils/depthOfPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/removeRedundant.C Examining data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/trimExons.C Examining data/kmer-0~20150903+r2013/sim4dbutils/comparePolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/removeDuplicate.C Examining data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/s4p_overlap.C Examining data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/pickBestPolish.C Examining data/kmer-0~20150903+r2013/sim4dbutils/mappedCoverage.C Examining data/kmer-0~20150903+r2013/sim4dbutils/plotCoverageVsIdentity.C Examining data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/trimSequencesBasedOnMatches.C Examining data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C Examining data/kmer-0~20150903+r2013/sim4dbutils/fixPolishesIID.C Examining data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C Examining data/kmer-0~20150903+r2013/sim4dbutils/convertPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C Examining data/kmer-0~20150903+r2013/sim4dbutils/s4p_overlap.H Examining data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C Examining data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C Examining data/kmer-0~20150903+r2013/sim4dbutils/convertToExtent.C Examining data/kmer-0~20150903+r2013/sim4dbutils/plotIntronSize.C Examining data/kmer-0~20150903+r2013/sim4dbutils/headPolishes.C Examining data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C Examining data/kmer-0~20150903+r2013/libkmer/positionDB-access.C Examining data/kmer-0~20150903+r2013/libkmer/merTable.H Examining data/kmer-0~20150903+r2013/libkmer/test/test-mertable.C Examining data/kmer-0~20150903+r2013/libkmer/test/test-rebuild.C Examining data/kmer-0~20150903+r2013/libkmer/test/test-maskonly.C Examining data/kmer-0~20150903+r2013/libkmer/existDB-state.C Examining data/kmer-0~20150903+r2013/libkmer/existDB.H Examining data/kmer-0~20150903+r2013/libkmer/existDB-create-from-sequence.C Examining data/kmer-0~20150903+r2013/libkmer/existDB-create-from-fasta.C Examining data/kmer-0~20150903+r2013/libkmer/positionDB.H Examining data/kmer-0~20150903+r2013/libkmer/positionDB-sort.C Examining data/kmer-0~20150903+r2013/libkmer/positionDB-file.C Examining data/kmer-0~20150903+r2013/libkmer/positionDB-dump.C Examining data/kmer-0~20150903+r2013/libkmer/existDB.C Examining data/kmer-0~20150903+r2013/libkmer/existDB-create-from-meryl.C Examining data/kmer-0~20150903+r2013/libkmer/positionDB-mismatch.C Examining data/kmer-0~20150903+r2013/libkmer/driver-posDB.C Examining data/kmer-0~20150903+r2013/libkmer/positionDB.C Examining data/kmer-0~20150903+r2013/libkmer/driver-existDB.C Examining data/kmer-0~20150903+r2013/snapper/snapper2.C Examining data/kmer-0~20150903+r2013/snapper/thr-polish-dp.C Examining data/kmer-0~20150903+r2013/snapper/configuration.C Examining data/kmer-0~20150903+r2013/snapper/hitMatrix.C Examining data/kmer-0~20150903+r2013/snapper/snapper2.H Examining data/kmer-0~20150903+r2013/snapper/thr-filter.C Examining data/kmer-0~20150903+r2013/snapper/hitMatrix-sort.C Examining data/kmer-0~20150903+r2013/snapper/thr-polish.C Examining data/kmer-0~20150903+r2013/snapper/thr-search.C Examining data/kmer-0~20150903+r2013/libmeryl/libmeryl.H Examining data/kmer-0~20150903+r2013/libmeryl/libmeryl.C Examining data/kmer-0~20150903+r2013/tapper/tapperAlignment.H Examining data/kmer-0~20150903+r2013/tapper/tappermerge.C Examining data/kmer-0~20150903+r2013/tapper/tapperComputation.H Examining data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C Examining data/kmer-0~20150903+r2013/tapper/tapperThreadData.H Examining data/kmer-0~20150903+r2013/tapper/tapperconvert.C Examining data/kmer-0~20150903+r2013/tapper/tagger.C Examining data/kmer-0~20150903+r2013/tapper/tapperHit.H Examining data/kmer-0~20150903+r2013/tapper/tapper.C Examining data/kmer-0~20150903+r2013/tapper/tapperResult.H Examining data/kmer-0~20150903+r2013/tapper/tappersort.C Examining data/kmer-0~20150903+r2013/tapper/tapperTag.H Examining data/kmer-0~20150903+r2013/tapper/tapperGlobalData.H Examining data/kmer-0~20150903+r2013/ESTmapper/mergeCounts.C Examining data/kmer-0~20150903+r2013/ESTmapper/terminate.C FINAL RESULTS: data/kmer-0~20150903+r2013/ESTmapper/terminate.C:82:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fscanf(inFile, uint32FMT, &iid); data/kmer-0~20150903+r2013/ESTmapper/terminate.C:85:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fscanf(inFile, uint32FMT, &iid); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-printAnno.C:68:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(F, uint32FMTW(07)" ", uint32ZERO); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-printAnno.C:90:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(F, uint32FMTW(07)" ", uint32ZERO); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-stats.H:58:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.%s", prefix, label); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-stats.H:64:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, uint32FMT" "uint32FMT"\n", i, hist[i]); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:102:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s.map1annotation", OP); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:115:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s.map2annotation", OP); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:133:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s.asm1histogram", OP); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:135:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s.asm2histogram", OP); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:140:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s.histogram.gnuplot", OP); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:170:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "gnuplot < %s.histogram.gnuplot", OP); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:171:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(outname)) data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_local.C:1138:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(BrevC,B); data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C:341:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(C.matchuid, "clump"int32FMTW(06), cc); data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C:377:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(hits[mm].match.parentuid, "clump"int32FMTW(06), cc); data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:542:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMTW(9)"-"uint32FMTW(9)" -- "uint32FMTW(9)"-"uint32FMTW(9)"\n", data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:545:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMTW(9)"-"uint32FMTW(9)" -- "uint32FMTW(9)"-"uint32FMTW(9)"\n", data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:549:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMTW(9)"-"uint32FMTW(9)" -- "uint32FMTW(9)"-"uint32FMTW(9)"\n", data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:552:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMTW(9)"-"uint32FMTW(9)" -- "uint32FMTW(9)"-"uint32FMTW(9)"\n", data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C:56:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(featureuid, fuid); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C:57:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(parentuid, puid); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C:68:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(type, t); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C:81:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(featureuid, W[2]); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C:82:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(parentuid, W[3]); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.C:93:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(type, W[1]); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:231:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fileA, val); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:234:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fileB, val); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:237:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_labelA, val); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:240:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_labelB, val); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C:96:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fileA, _files[_filesLen]._theFile->assemblyFileA()); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C:97:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fileB, _files[_filesLen]._theFile->assemblyFileB()); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C:99:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_labelA, _files[_filesLen]._theFile->labelA()); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C:100:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_labelB, _files[_filesLen]._theFile->labelB()); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchOrder.C:38:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(n.matchuid, "merge"uint32FMT, mergeuid); data/kmer-0~20150903+r2013/atac-driver/matchExtender/matchExtender-dump.C:84:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq, (_ori1 == _ori2) ? ">>> " : "<<< "); data/kmer-0~20150903+r2013/atac-driver/mismatchCounter/mismatchCounter.C:203:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(O, uint32FMT" "uint32FMT"\n", i, blockHistogram[i]); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:99:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.%s.histogramdat", prefix, label); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:102:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, uint64FMT" "uint32FMT"\n", i * _b, _h[i]); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:127:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.%s.histogram.gnuplot", prefix, label); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:140:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "gnuplot < %s.%s.histogram.gnuplot", prefix, label); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:141:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(filename)) data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:398:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.Nx", prefix); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:409:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, uint64FMT" "uint32FMT"\n", n, n50[iter-1]); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:417:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.Nx.gnuplot", prefix); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:425:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "gnuplot < %s.Nx.gnuplot", prefix); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:426:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(filename)) data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:729:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefixFull, "%s-matches", prefix); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:737:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefixFull, "%s-runs", prefix); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:745:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefixFull, "%s-clumps", prefix); data/kmer-0~20150903+r2013/leaff/dups.C:26:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT" <-> "uint32FMT"\n", sa->getIID(), sb->getIID()); data/kmer-0~20150903+r2013/leaff/dups.C:60:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT":%s\n"uint32FMT":%s\n\n", data/kmer-0~20150903+r2013/leaff/fragmenter.C:175:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(L, uint32FMT" : "uint32FMT"["uint32FMT"-"uint32FMT"]\n", data/kmer-0~20150903+r2013/leaff/gc.C:68:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint32FMT"\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\n", data/kmer-0~20150903+r2013/leaff/leaff.C:228:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(d, "%s_5", def); data/kmer-0~20150903+r2013/leaff/leaff.C:231:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(d, "%s_3", def); data/kmer-0~20150903+r2013/leaff/leaff.C:405:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(uint32FMT"\n", fasta->getNumberOfSequences()); data/kmer-0~20150903+r2013/leaff/leaff.C:469:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(def, "random"uint32FMTW(06), i); data/kmer-0~20150903+r2013/leaff/partition.C:62:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s-"uint32FMTW(03)".fasta", prefix, o); data/kmer-0~20150903+r2013/leaff/partition.C:90:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\n", openP); data/kmer-0~20150903+r2013/leaff/partition.C:96:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"]("uint32FMT")", o, sizeP); data/kmer-0~20150903+r2013/libbio/test/test-setbits.C:19:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMTW(3)" -- %s -- "uint64HEX"\n", i, x.merToString(str), x.getBits(i, 16)); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:29:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefixfilename, "%s.1", prefix); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:120:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(DUMP, uint64HEX"\n", (uint64)M->theFMer()); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:122:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(DUMP, uint64HEX" MISSED!\n", (uint64)M->theFMer()); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:136:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(DUMP, uint64HEX"\n", m); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:191:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/kmer-0~20150903+r2013/libkmer/driver-posDB.C:58:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint64FMT, posn[i]); data/kmer-0~20150903+r2013/libkmer/positionDB-dump.C:32:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(F, "%c chk="uint64HEX" pos="uint64FMT" siz="uint64FMT, data/kmer-0~20150903+r2013/libkmer/positionDB-dump.C:40:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(F, " "uint64FMT, getDecodedValue(_positions, pos, _posnWidth)); data/kmer-0~20150903+r2013/libkmer/positionDB-sort.C:86:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(4)"] chck="uint64HEX" posn="uint64FMT"\n", t, _sortedChck[t], _sortedPosn[t]); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:24:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inpath, "%s.mcidx", fn); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:27:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inpath, "%s.mcdat", fn); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:30:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inpath, "%s.mcpos", fn); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:203:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outpath, "%s.mcidx", fn); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:206:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outpath, "%s.mcdat", fn); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:210:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outpath, "%s.mcpos", fn); data/kmer-0~20150903+r2013/libseq/fastaFile.C:20:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_filename, filename); data/kmer-0~20150903+r2013/libseq/fastaFile.C:402:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(indexname, _filename); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:16:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. _pipe = popen(filename, "r"); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:54:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "gzip -dc %s", filename); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:57:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bzip2 -dc %s", filename); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:60:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "xz -dc %s", filename); data/kmer-0~20150903+r2013/libseq/fastqFile.C:20:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_filename, filename); data/kmer-0~20150903+r2013/libseq/fastqFile.C:397:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(indexname, _filename); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:16:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. _pipe = popen(filename, "r"); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:54:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "gzip -dc %s", filename); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:57:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bzip2 -dc %s", filename); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:60:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "xz -dc %s", filename); data/kmer-0~20150903+r2013/libseq/seqStore.C:14:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_filename, filename); data/kmer-0~20150903+r2013/libseq/seqStore.C:477:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(NAME + NAMElen, sic->header()); data/kmer-0~20150903+r2013/libseq/sffFile.C:15:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_filename, name); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.C:55:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(uint64HEX, mask); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:19:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy((char *)tmp,END_SIG); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:21:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy((char *)(tmp+sig->pos2+1), START_SIG); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:41:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy((char *)tmp,END_SIG); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:44:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy((char *)(tmp+_estLen-sig->pos2+2),START_SIG); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:75:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_spacedSeed, z); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:109:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_spacedSeed, DEFAULT_SPACED_SEED); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:110:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_spacedSeedInt, DEFAULT_SPACED_SEED_INT); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:111:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_spacedSeedExt, DEFAULT_SPACED_SEED_EXT); data/kmer-0~20150903+r2013/libsim4/sim4core/splice.C:69:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/%s", train_dir, Glimmer_posDonModelPath); data/kmer-0~20150903+r2013/libsim4/sim4core/splice.C:72:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/%s", train_dir, Glimmer_negDonModelPath); data/kmer-0~20150903+r2013/libsim4/sim4core/splice.C:75:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/%s", train_dir, Glimmer_posAccModelPath); data/kmer-0~20150903+r2013/libsim4/sim4core/splice.C:78:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/%s", train_dir, Glimmer_negAccModelPath); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:181:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "sim4begin\n"uint32FMT"["uint32FMT"-"uint32FMT"-"uint32FMT"] "uint32FMT"["uint32FMT"-"uint32FMT"] <"uint32FMT"-"uint32FMT"-"uint32FMT"-%s-%s>\n", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:188:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "comment=%s\n", _comment); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:193:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "edef=%s\n", _estDefLine); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:198:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "ddef=%s\n", _genDefLine); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:212:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, ""uint32FMT"-"uint32FMT" ("uint32FMT"-"uint32FMT") <"uint32FMT"-"uint32FMT"-"uint32FMT">%s\n", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:222:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outc, _exons[i]._estAlignment); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:227:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outc, _exons[i]._genAlignment); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:346:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(outc, uint32FMT":%s\tsim4db\tmRNA\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%c\t.\t", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:350:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "ID=sim4db"uint32FMT";Name="uint32FMT":%s;Target="uint32FMT":%s "uint32FMT" "uint32FMT" %c;", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:363:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(outc, uint32FMT":%s\tsim4db\texon\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%c\t.\t", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:368:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "Parent=sim4db"uint32FMT";Target="uint32FMT":%s "uint32FMT" "uint32FMT" %c;Gap=%s;nMatches="uint32FMT"", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:371:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outc, "Parent=sim4db"uint32FMT";Target="uint32FMT":%s "uint32FMT" "uint32FMT" %c;nMatches="uint32FMT"", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:379:37: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case SIM4_INTRON_POSITIVE: sprintf(outc, ";intron=%s\n", iOriPOS +1); break; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:380:37: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case SIM4_INTRON_NEGATIVE: sprintf(outc, ";intron=%s\n", iOriNEG +1); break; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:381:37: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case SIM4_INTRON_AMBIGUOUS: sprintf(outc, ";intron=%s\n", iOriAMB +1); break; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:382:37: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case SIM4_INTRON_GAP: sprintf(outc, ";intron=%s\n", iOriGAP +1); break; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:383:37: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case SIM4_INTRON_ERROR: sprintf(outc, ";intron=%s\n", iOriERR +1); break; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:42:14: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. uint32 r = sscanf(lines[cl], ""uint32FMT"["uint32FMT" "uint32FMT" "uint32FMT"] "uint32FMT"["uint32FMT" "uint32FMT"] <"uint32FMT" "uint32FMT" "uint32FMT" %s %s>", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:94:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_comment, lines[cl] + 8); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:102:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_estDefLine, lines[cl] + 5); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:110:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_genDefLine, lines[cl] + 5); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:183:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_exons[el]._estAlignment, lines[cl]); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:187:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_exons[el]._genAlignment, lines[cl]); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:243:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. r = sscanf(lines[cl], ""uint32FMT":%s\tsim4db\tmRNA\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%c\t.\t", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:280:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. r = sscanf(crttok, "Name="uint32FMT":%s", &_estID, _estDefLine); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:285:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. r = sscanf(crttok, "Target="uint32FMT":%s "uint32FMT" "uint32FMT" %c", &_estID, _estDefLine, &dummy1, &dummy2, &mOri); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:339:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. r = sscanf(lines[cl], ""uint32FMT":%s\tsim4db\texon\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%c\t.\t", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:370:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. r = sscanf(crttok, "Target=%s "uint32FMT" "uint32FMT" %c", &dummybuf, &exon._estFrom, &exon._estTo, &mOri); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:383:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. r = sscanf(crttok, "intron=%s", &dummybuf); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:40:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_path, path); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:133:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nam, "%s.sim4polishFile", _path); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:180:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nam, "%s.sim4polishFile", _path); data/kmer-0~20150903+r2013/libutil/bigQueue.C:33:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_saveFile, filename); data/kmer-0~20150903+r2013/libutil/bigQueue.C:37:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_tmpPath, tmppath); data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:17:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_name, name); data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:18:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_filename, filename); data/kmer-0~20150903+r2013/libutil/file.c:63:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(template, path); data/kmer-0~20150903+r2013/libutil/file.c:263:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, path); data/kmer-0~20150903+r2013/libutil/file.c:408:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bzip2 -dc %s", path); data/kmer-0~20150903+r2013/libutil/file.c:410:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bzip2 -9c > %s", path); data/kmer-0~20150903+r2013/libutil/file.c:417:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "gzip -dc %s", path); data/kmer-0~20150903+r2013/libutil/file.c:419:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "gzip -9c > %s", path); data/kmer-0~20150903+r2013/libutil/file.c:431:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. F = popen(cmd, mode); data/kmer-0~20150903+r2013/libutil/kazlib/except.c:285:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf, fmt, vl); data/kmer-0~20150903+r2013/libutil/logMsg.H:63:7: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/kmer-0~20150903+r2013/libutil/logMsg.H:70:16: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. _logLen += vsprintf(_log + _logLen, fmt, ap); data/kmer-0~20150903+r2013/libutil/mt19937ar/mt19937ar-test.c:19:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(uint32FMTW(10)" ", mtRandom32(ctx)); data/kmer-0~20150903+r2013/libutil/mt19937ar/mt19937ar-test.c:33:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(uint64HEX" ", mtRandom64(ctx)); data/kmer-0~20150903+r2013/libutil/readBuffer.C:40:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_filename, filename); data/kmer-0~20150903+r2013/libutil/recordFile.C:23:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_name, name); data/kmer-0~20150903+r2013/libutil/speedCounter.H:26:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, _fmt, v, v / (getTime() - _startTime)); data/kmer-0~20150903+r2013/libutil/speedCounter.H:43:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, _fmt, v, v / (getTime() - _startTime)); data/kmer-0~20150903+r2013/libutil/speedCounter.H:55:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, _fmt, v, v / (getTime() - _startTime)); data/kmer-0~20150903+r2013/libutil/test/test-bitPackedFile.C:65:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT"] ERROR in getBits() -- retrieved "uint64HEX" != expected "uint64HEX" ("uint32FMT" bits).\n", i, v, val[i], siz[i]); data/kmer-0~20150903+r2013/libutil/test/test-bitPackedFile.C:71:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT"] ERROR in getNumber() -- retrieved "uint64HEX" != expected "uint64HEX".\n", i, v, val[i]); data/kmer-0~20150903+r2013/libutil/test/test-bitPackedFile.C:154:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT"] ERROR in seek()/getBits() -- retrieved "uint64HEX" != expected "uint64HEX" ("uint32FMT" bits).\n", i, r, val[i], siz[i]); data/kmer-0~20150903+r2013/libutil/test/test-bitPackedFile.C:235:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT"] ERROR in seekstream/getBits() -- retrieved "uint64HEX" != expected "uint64HEX" ("uint32FMT" bits).\n", i, v, val[i], siz[i]); data/kmer-0~20150903+r2013/meryl/args.C:66:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dupstr, str); data/kmer-0~20150903+r2013/meryl/args.C:503:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.merylArgs", prefix); data/kmer-0~20150903+r2013/meryl/args.C:563:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.merylArgs", outputFile); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:994:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint64FMT"\t"uint32FMT"\t"uint32FMT"\tdepth="uint32FMT","uint32FMT"\n", data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:1010:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint32FMT"\t"uint32FMT"\n", x, badBegDepth[x], badEndDepth[x]); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:1018:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(5), badDepth[i][j]); data/kmer-0~20150903+r2013/meryl/build.C:109:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nam, "%s-prepare.sh", args->outputFile); data/kmer-0~20150903+r2013/meryl/build.C:122:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "qsub -cwd -b n -j y -o %s-prepare.err %s -N mp%s %s-prepare.sh", data/kmer-0~20150903+r2013/meryl/build.C:125:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "qsub -cwd -b n -j y -o %s-prepare.err -N mp%s %s-prepare.sh", data/kmer-0~20150903+r2013/meryl/build.C:128:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(cmd)) data/kmer-0~20150903+r2013/meryl/build.C:139:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nam, "%s-count.sh", args->outputFile); data/kmer-0~20150903+r2013/meryl/build.C:153:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "qsub -t 1-"uint64FMT" -cwd -b n -j y -o %s-count-\\$TASK_ID.err %s -N mc%s %s-count.sh", data/kmer-0~20150903+r2013/meryl/build.C:156:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "qsub -t 1-"uint64FMT" -cwd -b n -j y -o %s-count-\\$TASK_ID.err -N mc%s %s-count.sh", data/kmer-0~20150903+r2013/meryl/build.C:159:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(cmd)) data/kmer-0~20150903+r2013/meryl/build.C:164:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nam, "%s-merge.sh", args->outputFile); data/kmer-0~20150903+r2013/meryl/build.C:177:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "qsub -hold_jid mc%s -cwd -b n -j y -o %s-merge.err %s -N mm%s %s-merge.sh", data/kmer-0~20150903+r2013/meryl/build.C:180:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "qsub -hold_jid mc%s -cwd -b n -j y -o %s-merge.err -N mm%s %s-merge.sh", data/kmer-0~20150903+r2013/meryl/build.C:183:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(cmd)) data/kmer-0~20150903+r2013/meryl/build.C:342:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.batch"uint64FMT".mcdat", args->outputFile, segment); data/kmer-0~20150903+r2013/meryl/build.C:532:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(batchOutputFile, "%s.batch"uint64FMT, args->outputFile, segment); data/kmer-0~20150903+r2013/meryl/build.C:783:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(argv[argc], "%s.batch"uint32FMT, args->outputFile, i); data/kmer-0~20150903+r2013/meryl/build.C:807:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.batch"uint32FMT".mcidx", args->outputFile, i); data/kmer-0~20150903+r2013/meryl/build.C:809:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.batch"uint32FMT".mcdat", args->outputFile, i); data/kmer-0~20150903+r2013/meryl/build.C:811:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.batch"uint32FMT".mcpos", args->outputFile, i); data/kmer-0~20150903+r2013/meryl/build.C:823:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.merStream", args->outputFile); data/kmer-0~20150903+r2013/meryl/compare-counts.C:100:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint32FMT"\t%f\n", i, j, log(heatraw[i][j])); data/kmer-0~20150903+r2013/meryl/compare-counts.C:208:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outputName, "%s.gp", outputPrefix); data/kmer-0~20150903+r2013/meryl/compare-counts.C:211:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outputName, "%s.dat", outputPrefix); data/kmer-0~20150903+r2013/meryl/compare-counts.C:225:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outputDAT, uint32FMT"\t"uint32FMT"\t"uint32FMT"\n", i, Htrue[i], Hnoise[i]); data/kmer-0~20150903+r2013/meryl/compare-counts.C:229:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outputName, "gnuplot < %s.gp", outputPrefix); data/kmer-0~20150903+r2013/meryl/compare-counts.C:230:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(outputName); data/kmer-0~20150903+r2013/meryl/dump.C:35:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, ">"uint64FMT, M->theCount()); data/kmer-0~20150903+r2013/meryl/dump.C:37:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, " "uint32FMT, M->getPosition(i)); data/kmer-0~20150903+r2013/meryl/dump.C:101:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint64FMT"\t%.4f\t%.4f\n", data/kmer-0~20150903+r2013/meryl/dump.C:148:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT"\t"uint64FMT"\n", d, hist[d]); data/kmer-0~20150903+r2013/meryl/estimate.C:162:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint64FMT" "uint32FMT"-mers can be computed using "uint64FMT"MB memory.\n", data/kmer-0~20150903+r2013/meryl/kmer-mask.C:474:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(C, "gzip -dc %s", filename); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:475:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. F = popen(C, "r"); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:480:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(C, "bzip2 -dc %s", filename); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:481:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. F = popen(C, "r"); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:486:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(C, "xz -dc %s", filename); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:487:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. F = popen(C, "r"); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:523:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(N, "%s.%s.fastq", prefix, extension); data/kmer-0~20150903+r2013/meryl/maskMers.C:81:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fastaName, fastaName_); data/kmer-0~20150903+r2013/meryl/maskMers.C:82:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_merylName, merylName_); data/kmer-0~20150903+r2013/meryl/maskMers.C:84:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_maskMersName, _merylName); data/kmer-0~20150903+r2013/meryl/maskMers.C:139:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT" sequences in '%s'\n", _numSeq, _fastaName); data/kmer-0~20150903+r2013/meryl/maskMers.C:198:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT" sequences in '%s'\n", _numSeq, _fastaName); data/kmer-0~20150903+r2013/meryl/maskMers.C:286:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(outputName, "%s.density.seq"uint32FMTW(02), outputPrefix, s); data/kmer-0~20150903+r2013/meryl/maskMers.C:313:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outputFile, uint32FMT"\t%f\t%f\t%f\n", data/kmer-0~20150903+r2013/meryl/maskMers.C:364:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outputName, "%s.mateRescue.seq"uint32FMTW(02)".out", outputPrefix, s); data/kmer-0~20150903+r2013/meryl/maskMers.C:367:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outputName, "%s.mateRescue.seq"uint32FMTW(02)".dat", outputPrefix, s); data/kmer-0~20150903+r2013/meryl/maskMers.C:513:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outputData, int32FMT"\t%f\t%f\n", p, pRtot / totalDepth, pFtot / totalDepth); data/kmer-0~20150903+r2013/meryl/maskMers.C:521:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outputFile, uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%.0f\t%.0f\t"uint32FMT"\t"int32FMT"\t"int32FMT"\n", data/kmer-0~20150903+r2013/meryl/mervin.C:530:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outName, "%s.fasta", outPrefix); data/kmer-0~20150903+r2013/seagen/configuration.C:157:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usageString, name); data/kmer-0~20150903+r2013/seagen/encodedQuery.C:170:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rev, seq); data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C:67:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] unique: aggressively filtered to "uint32FMT" hits out of "uint32FMT" hits.\n", data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C:115:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] knee: filtered "uint32FMT" hits down to "uint32FMT" hits using threshold %f\n", data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C:139:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] uniform: uniform signal strength, saving the first "uint32FMT" hits out of "uint32FMT" hits, best=%f, worst=%f\n", data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C:174:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] diff: has no clear signal knee, saving the first "uint32FMT" hits out of "uint32FMT" hits, best=%f, worst=%f, largestdiff=%f\n", data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C:228:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] spike: at "uint32FMT", "uint32FMT" hits saved: thresh=%f, "uint32FMT" hits, best=%f, worst=%f\n", data/kmer-0~20150903+r2013/seagen/filterEST-complicated.C:277:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] is an unclassified signal, "uint32FMT" hits saved out of "uint32FMT" hits, best=%f, worst=%f\n", data/kmer-0~20150903+r2013/seagen/filterEST.C:70:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/kmer-0~20150903+r2013/seagen/filterEST.C:241:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logFile, uint32FMT"] %sFALSENEGATIVE %10.10s tp="uint32FMTW(7)" fp="uint32FMTW(7)" fn="uint32FMTW(7)" tn="uint32FMTW(7)"\n", data/kmer-0~20150903+r2013/seagen/hitConverter.C:19:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT" hits.\r", i); data/kmer-0~20150903+r2013/seagen/hitConverter.C:25:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT" hits.\r", i); data/kmer-0~20150903+r2013/seagen/hitConverter.C:46:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT" hits.\r", i); data/kmer-0~20150903+r2013/seagen/hitConverter.C:52:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMT" hits.\r", i); data/kmer-0~20150903+r2013/seagen/test/encodedQueryTest.C:23:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(hdr, ">"uint32FMT, i); data/kmer-0~20150903+r2013/seagen/thr-output.C:59:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(str, uint32FMT"\n", query->numberOfResults()); data/kmer-0~20150903+r2013/seatac/configuration.C:117:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usageString, name); data/kmer-0~20150903+r2013/seatac/filter-nop.C:66:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outstring, data/kmer-0~20150903+r2013/seatac/filterObj.H:81:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soOpts, op_); data/kmer-0~20150903+r2013/seatac/filterObj.H:156:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(theOutput + theOutputPos, data/kmer-0~20150903+r2013/seatac/filterObj.H:193:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(matchIDstring, uint64FMT, matchid); data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:98:19: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (12 != sscanf(linebuffer, data/kmer-0~20150903+r2013/seatac/sharedObj.H:20:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, p); data/kmer-0~20150903+r2013/seatac/statObj.H:51:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soOpts, op_); data/kmer-0~20150903+r2013/seatac/thr-loader.C:47:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, loadDesc, data/kmer-0~20150903+r2013/seatac/thr-search.C:89:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(threadStats[(long)U], srchGbye, data/kmer-0~20150903+r2013/seatac/thr-search.C:130:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint64FMT" Blocked by output (idx = "uint32FMT", outputPos = "uint32FMT").\n", (long)U, idx, outputPos); data/kmer-0~20150903+r2013/seatac/thr-search.C:164:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(threadStats[(long)U], srchGbye, (long)U, data/kmer-0~20150903+r2013/sim4db/sim4th.C:327:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "%s -Y "uint32FMT" "uint32FMT"\n", data/kmer-0~20150903+r2013/sim4db/sim4th.C:330:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "%s -N 0 0\n", p->script); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:83:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/kmer-0~20150903+r2013/sim4dbutils/comparePolishes.C:40:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s.%s", prefix, suffix); data/kmer-0~20150903+r2013/sim4dbutils/comparePolishes.C:308:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint32FMT"\t"OLAPTFMT"\t%f\t%8.3f\t%8.3f\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%8.3f\t%8.3f\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\n", data/kmer-0~20150903+r2013/sim4dbutils/convertToExtent.C:110:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(E, W[0] + ((W[0][0] == '>') ? 1 : 0)); data/kmer-0~20150903+r2013/sim4dbutils/convertToExtent.C:118:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(G, W[0] + ((W[0][0] == '>') ? 1 : 0)); data/kmer-0~20150903+r2013/sim4dbutils/depthOfPolishes.C:103:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint32FMT"\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\t%.2f\n", data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C:129:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(3)"-"uint32FMTW(3)" %s%s ("uint32FMT","uint32FMT")\n", data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C:143:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lastdefline, p->_estDefLine); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:240:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.%04d", filePrefixGOOD, (int)p->_genID); data/kmer-0~20150903+r2013/sim4dbutils/mappedCoverage.C:208:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq, S->sequence()); data/kmer-0~20150903+r2013/sim4dbutils/mappedCoverage.C:242:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(C, uint32FMT"\t"uint32FMT"\t%5.3f\t"uint32FMT"\t"uint32FMT"\n", data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:437:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s-multi-multi", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:440:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s-multi-single", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:443:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s-single-multi", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:446:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s-single-single", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:82:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.seqName, W[0]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:83:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.refName, W[6]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:109:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.seqName, p->_estDefLine); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:110:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.refName, p->_genDefLine); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:174:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.seqName, W[10]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:175:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.refName, W[9]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:245:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.seqName, W[10]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:246:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mr.refName, W[9]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:449:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s.pairLog", out); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:452:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s.duplicates", out); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:455:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s.stats", out); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPolish.C:35:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(O, uint32FMTW(8)" "uint32FMTW(8)" "uint32FMTW(4)" "uint32FMTW(4), data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:139:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(sFile, uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t%c\n", data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:475:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dcpy, S->header()); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:560:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bzip2 -1c > %s", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:561:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. oFile = popen(cmd, "w"); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:564:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "gzip -1c > %s", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:565:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. oFile = popen(cmd, "w"); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:585:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bzip2 -1c > %s", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:587:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "gzip -1c > %s", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:589:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "cat > %s", argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:590:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. uFile = popen(cmd, "w"); data/kmer-0~20150903+r2013/sim4dbutils/plotCoverageVsIdentity.C:32:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(S, uint32FMT" "uint32FMT"\n", p->_percentIdentity, p->_querySeqIdentity); data/kmer-0~20150903+r2013/sim4dbutils/removeRedundant.C:124:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, uint32FMTW(3)": "uint32FMTW(3)"--"uint32FMTW(3)"\n", data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:71:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(datName, "%s.dat", outPrefix); data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:72:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(gnuName, "%s.gnuplot", outPrefix); data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:73:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pngName, "%s.png", outPrefix); data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:200:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(gnuCmd, "gnuplot < %s", gnuName); data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:201:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(gnuCmd); data/kmer-0~20150903+r2013/sim4dbutils/summarizePolishes.C:244:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\t"uint32FMT"\n", id[i], cv[c], mapped, notmapped, uniqest, uniqgen); data/kmer-0~20150903+r2013/sim4dbutils/summarizePolishes.C:247:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(3)" "uint32FMTW(3)": mapped="uint32FMTW(8)" notmapped="uint32FMTW(8)" est="uint32FMTW(8)" gen="uint32FMTW(8)"\n", id[i], cv[c], mapped, notmapped, uniqest, uniqgen); data/kmer-0~20150903+r2013/sim4dbutils/trimExons.C:27:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:73:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"\n", thisguy); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:85:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:169:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(3)" ", id); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:171:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(8)" ", sizes[i]); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:186:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(4)" [", index); data/kmer-0~20150903+r2013/tapper/tagger.C:354:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errors, errort); data/kmer-0~20150903+r2013/tapper/tagger.C:444:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fragout, "%s.frag.tapperTags", prefix); data/kmer-0~20150903+r2013/tapper/tagger.C:445:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mateout, "%s.mate.tapperTags", prefix); data/kmer-0~20150903+r2013/tapper/tapperGlobalData.H:102:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(colName, "%s.colorspace", genName); data/kmer-0~20150903+r2013/tapper/tapperGlobalData.H:144:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(colName, "%s.ms"uint32FMT".ce"uint32FMT".posDB", genName, tagSize, maxColorError); data/kmer-0~20150903+r2013/tapper/tapperHit.H:17:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(OS, "0x"uint64FMT"\t"uint32FMT":"uint32FMT":%c\t"uint64FMT","uint64FMT","uint64FMT, data/kmer-0~20150903+r2013/tapper/tapperResult.H:413:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedIndex", prefix); data/kmer-0~20150903+r2013/tapper/tapperResult.H:416:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedFragment", prefix); data/kmer-0~20150903+r2013/tapper/tapperResult.H:419:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedSingleton", prefix); data/kmer-0~20150903+r2013/tapper/tapperResult.H:422:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedTangledAlignment", prefix); data/kmer-0~20150903+r2013/tapper/tapperResult.H:425:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedMated", prefix); data/kmer-0~20150903+r2013/tapper/tapperResult.H:428:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedTangled", prefix); data/kmer-0~20150903+r2013/tapper/tapperResult.H:431:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s/tapperMappedAlignQual", prefix); data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:220:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMTW(03)"] %s\n", i, lines[i]); data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:247:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(linp, "rec "uint64HEX" "uint32FMT":"uint32FMT, data/kmer-0~20150903+r2013/tapper/tappersort.C:148:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s."uint32FMTW(03)".tapperAlignment", outputName, outputIndex); data/kmer-0~20150903+r2013/tapper/tappersort.C:257:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s."uint32FMTW(03)".tapperAlignment", outputName, x); data/kmer-0~20150903+r2013/tapper/tappersort.C:263:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.tapperAlignment", outputName); data/kmer-0~20150903+r2013/tapper/tappersort.C:299:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s."uint32FMTW(03)".tapperAlignment", outputName, x); data/kmer-0~20150903+r2013/trie/trie.C:276:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, uint32FMT"["uint32FMT"-0-0] "uint32FMT"[0-0] <"uint32FMT"-0-100-%s-unknown>\n", data/kmer-0~20150903+r2013/libutil/test/test-bitPackedFile.C:148:26: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint32 idx = (uint32)lrand48() % testSize; data/kmer-0~20150903+r2013/seagen/test/intervalList-test.C:72:26: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. G->addInterval(floor(drand48() * (TEST_SIZE - 10))); data/kmer-0~20150903+r2013/seagen/test/intervalList-test.C:84:22: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint32 j = floor(drand48() * (TEST_SIZE - 10)); data/kmer-0~20150903+r2013/seagen/test/intervalList-test.C:87:9: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (drand48() < 0.5) data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:257:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. pmod += 8888 + (random() % 1000); data/kmer-0~20150903+r2013/ESTmapper/mergeCounts.C:20:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Fs[i-1] = fopen(argv[i], "r"); data/kmer-0~20150903+r2013/ESTmapper/mergeCounts.C:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/kmer-0~20150903+r2013/ESTmapper/mergeCounts.C:37:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count += atoi(buf); data/kmer-0~20150903+r2013/ESTmapper/terminate.C:35:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inFile = fopen(infile, "r"); data/kmer-0~20150903+r2013/ESTmapper/terminate.C:41:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). otFile = fopen(otfile, "w"); data/kmer-0~20150903+r2013/ESTmapper/terminate.C:121:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). defaultOut = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-find.C:147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[6] = {'U', '1', 'Y', 'N', '?', '!'}; data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-find.C:213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l[64]; data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-find.C:214:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(l, "extra middle 1 %c", label[i]); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-find.C:216:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(l, "extra middle 2 %c", label[i]); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-span.H:59:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(X, _matches, sizeof(uint32) * _matchesLen); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-span.H:85:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l->_matches, _matches, sizeof(uint32) * _matchesLen); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-span.H:90:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->_matches, _matches, sizeof(uint32) * _matchesLen); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-stats.H:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap-stats.H:60:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(filename, "w"); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outname[1024]; data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:104:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(outname, "w"); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:117:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(outname, "w"); data/kmer-0~20150903+r2013/atac-driver/alignOverlap/overlap.C:142:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(outname, "w"); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_local.C:120:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char WCinvert[256]; data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:174:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *aseg[2]={NULL,NULL},*bseg[2]={NULL,NULL}; data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:303:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inl[1024]; data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:309:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf = fopen(clumpFile, "r"); data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:333:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ct->addMatch(atoi(scfid + 1), data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:334:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(S[13]), data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:335:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(S[9]), data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:336:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(S[10])); data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:396:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(uidmapName, "r"); data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char L[1024]; data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:416:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ina[1024]; data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:417:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inb[1024]; data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:422:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf = fopen(happyFile, "r"); data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:442:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(A[8]), data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:443:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(A[9])); data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:445:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(B[8]), data/kmer-0~20150903+r2013/atac-driver/chimera/happy-clones-span-clumps.C:446:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(B[9])); data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C:225:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). clumpcost = atoi(argv[++arg]); data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C:227:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxjump = atoi(argv[++arg]); data/kmer-0~20150903+r2013/atac-driver/gapShifter/alignUnmapped.C:76:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Aoutput = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/alignUnmapped.C:81:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Boutput = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/cleanAtac.C:51:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). discardLength = atoi(argv[++arg]); data/kmer-0~20150903+r2013/atac-driver/gapShifter/cleanAtac.C:153:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1000]; data/kmer-0~20150903+r2013/atac-driver/gapShifter/correctGaps.C:45:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logFile = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractSequence.C:55:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *R = fopen(name, "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractUnmapped.C:200:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(M, matches, sizeof(atacMatch *) * matchesLen); data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractUnmapped.C:472:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *R = fopen(name, "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractUnmapped.C:528:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(trFile, "r"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/extractUnmapped.C:532:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char L[1024] = { 0 }; data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:582:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str1[1024]; data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str2[1024]; data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:584:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str3[1024]; data/kmer-0~20150903+r2013/atac-driver/gapShifter/gapShifter.C:709:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logFile = fopen(logFileName, "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/projectFeatures.C:49:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logFile = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/atac-driver/gapShifter/testAtac.C:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1000]; data/kmer-0~20150903+r2013/atac-driver/lengthFilter/lengthFilter.C:46:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(inLine, "/globalMatchMinSize="uint32FMT"\n", minLength); data/kmer-0~20150903+r2013/atac-driver/lengthFilter/lengthFilter.C:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inLine[1024] = {0}; data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _fileA[1024]; // The name of our genome files data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _fileB[1024]; data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _labelA[256]; // The label of each of the sequences data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _labelB[256]; data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:78:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. atacFeature *nextFeature(char type[4]); data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _inLine[1024]; data/kmer-0~20150903+r2013/atac-driver/libatac/atac.H:101:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. atacFeature *nextFeature(char type[4]); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.H:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char featureuid[16]; data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.H:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parentuid[16]; data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeature.H:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[4]; data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeatureList.C:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A, _features, sizeof(atacFeature) * _featuresLen); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFeatureList.C:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&_features[_featuresLen], &m, sizeof(atacFeature)); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:45:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _inFile = fopen(filename, "r"); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:84:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. atacFileStream::nextFeature(char type[4]) { data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inLine[1024]; data/kmer-0~20150903+r2013/atac-driver/libatac/atacFile.C:124:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inFile = fopen(filename, "r"); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C:86:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(F, _files, sizeof(afsm) * _filesLen); data/kmer-0~20150903+r2013/atac-driver/libatac/atacFileStreamMerge.C:170:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. atacFileStreamMerge::nextFeature(char type[4]) { data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.H:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchuid[16]; // external id data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.H:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parentuid[16]; // external parent id data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.H:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[4]; // right now, only need one byte, but we keep things aligned data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchList.C:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A, _matches, sizeof(atacMatch) * _matchesLen); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchList.C:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&_matches[_matchesLen], &m, sizeof(atacMatch)); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchOrder.C:36:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n, l, sizeof(atacMatch)); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatchOrder.C:50:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l, &n, sizeof(atacMatch)); data/kmer-0~20150903+r2013/atac-driver/libatac/fasta-accessor-test.C:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sub[1000]; data/kmer-0~20150903+r2013/atac-driver/libatac/fasta-accessor-test.C:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sub[1000]; data/kmer-0~20150903+r2013/atac-driver/matchExtender/match.H:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _matchId[32]; data/kmer-0~20150903+r2013/atac-driver/matchExtender/matchExtender-dump.C:56:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(seq, ">>> "); data/kmer-0~20150903+r2013/atac-driver/mismatchCounter/mismatchCounter.C:201:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *O = fopen("MismatchCounter.block.histogram.out", "w"); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:67:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e, _e, sizeof(uint32) * _eLen); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:100:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(filename, "w"); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:128:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(filename, "w"); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:399:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(filename, "w"); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:418:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(filename, "w"); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:514:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[1024]; data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:516:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label, "chr"uint32FMTW(02)"full", c); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:520:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label, "chr"uint32FMTW(02)"acgt", c); data/kmer-0~20150903+r2013/atac-driver/statsGenerator/statsGenerator.C:657:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixFull[1024]; data/kmer-0~20150903+r2013/atac-driver/uniqueFilter/uniqueFilter.C:490:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&extent, matches, sizeof(match_s)); data/kmer-0~20150903+r2013/leaff/fragmenter.C:51:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). O = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/leaff/fragmenter.C:56:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). L = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/leaff/leaff.C:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char translate[256] = {0}; data/kmer-0~20150903+r2013/leaff/leaff.C:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d[1024]; data/kmer-0~20150903+r2013/leaff/leaff.C:358:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newid, id, sizeof(char) * idLen); data/kmer-0~20150903+r2013/leaff/leaff.C:452:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bases[4] = {'A', 'C', 'G', 'T'}; data/kmer-0~20150903+r2013/leaff/leaff.C:575:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sum[33]; data/kmer-0~20150903+r2013/leaff/leaff.C:710:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(filename, "r"); data/kmer-0~20150903+r2013/leaff/leaff.C:735:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpd, data, pos); data/kmer-0~20150903+r2013/leaff/leaff.C:765:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. argv = new char * [argc]; data/kmer-0~20150903+r2013/leaff/partition.C:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/kmer-0~20150903+r2013/leaff/partition.C:65:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *file = fopen(filename, "w"); data/kmer-0~20150903+r2013/leaff/simseq.C:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char let_4[4] = {'A','C','G','T'}; data/kmer-0~20150903+r2013/leaff/simseq.C:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char let_3A[3] = {'C','G','T'}; data/kmer-0~20150903+r2013/leaff/simseq.C:125:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char let_3C[3] = {'A','G','T'}; data/kmer-0~20150903+r2013/leaff/simseq.C:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char let_3G[3] = {'A','C','T'}; data/kmer-0~20150903+r2013/leaff/simseq.C:127:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char let_3T[3] = {'A','C','G'}; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:7:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char whitespaceSymbol[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:8:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char toLower[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:9:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char toUpper[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:11:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char letterToBits[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:12:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bitsToLetter[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:13:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bitsToColor[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:15:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char complementSymbol[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:16:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char validCompressedSymbol[256]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:18:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char IUPACidentity[128][128]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:19:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char baseToColor[128][128]; data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:31:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *C = fopen("alphabet.c", "w"); data/kmer-0~20150903+r2013/libbio/alphabet-generate.c:32:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *H = fopen("alphabet.h", "w"); data/kmer-0~20150903+r2013/libbio/alphabet.c:5:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char whitespaceSymbol[256] = { 0,0,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:6:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char toLower[256] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:7:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char toUpper[256] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:8:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char letterToBits[256] = { 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,0,1,2,3,255,255,255,255,255,255,255,255,255,255,255,255,255,0,255,1,255,255,255,2,255,255,255,255,255,255,255,255,255,255,255,255,3,255,255,255,255,255,255,255,255,255,255,255,255,0,255,1,255,255,255,2,255,255,255,255,255,255,255,255,255,255,255,255,3,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:9:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bitsToLetter[256] = { 65,67,71,84,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:10:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bitsToColor[256] = { 48,49,50,51,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:11:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char complementSymbol[256] = { 63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,48,49,50,51,63,63,63,63,63,63,63,63,63,63,63,63,63,84,86,71,72,63,63,67,68,63,63,77,63,75,78,63,63,63,89,87,65,65,66,83,63,82,63,63,63,63,63,63,63,116,118,103,104,63,63,99,100,63,63,109,63,107,110,63,63,63,121,119,97,97,98,115,63,114,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63 }; data/kmer-0~20150903+r2013/libbio/alphabet.c:12:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char IUPACidentity[128][128] = { data/kmer-0~20150903+r2013/libbio/alphabet.c:142:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char baseToColor[128][128] = { data/kmer-0~20150903+r2013/libbio/alphabet.h:10:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char whitespaceSymbol[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char toLower[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:12:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char toUpper[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:13:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char letterToBits[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:14:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char bitsToLetter[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:15:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char bitsToColor[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char complementSymbol[256]; data/kmer-0~20150903+r2013/libbio/alphabet.h:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char IUPACidentity[128][128]; data/kmer-0~20150903+r2013/libbio/alphabet.h:18:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char baseToColor[128][128]; data/kmer-0~20150903+r2013/libbio/merList.H:31:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, _ptrs, sizeof(coord*) * _ptrsLen); data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dna[4] = { 'A', 'C', 'G', 'T' }; data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:43:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(FASTA_FILENAME, "w"); data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mseq[TEST_SIZE * MERS_PER_SEQ + 1]; data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:130:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copy[TEST_SIZE + 1]; data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:143:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1025]; data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:155:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1025]; data/kmer-0~20150903+r2013/libbio/test/test-setbits.C:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:115:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DUMP = fopen("testExhaustive.ms.dump", "w"); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:131:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DUMP = fopen("testExhaustive.ck.dump", "w"); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:199:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mersize = atoi(argv[arg]); data/kmer-0~20150903+r2013/libkmer/driver-posDB.C:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[33]; data/kmer-0~20150903+r2013/libkmer/driver-posDB.C:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[33]; data/kmer-0~20150903+r2013/libkmer/existDB-state.C:9:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char magic[16] = { 'e', 'x', 'i', 's', 't', 'D', 'B', '2', data/kmer-0~20150903+r2013/libkmer/existDB-state.C:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cigam[16] = { 0 }; data/kmer-0~20150903+r2013/libkmer/existDB-state.C:18:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "wb"); data/kmer-0~20150903+r2013/libkmer/existDB-state.C:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cigam[16]; data/kmer-0~20150903+r2013/libkmer/existDB-state.C:74:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "rb"); data/kmer-0~20150903+r2013/libkmer/positionDB-access.C:26:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pp, posn, sizeof(uint64) * posnLen); data/kmer-0~20150903+r2013/libkmer/positionDB-dump.C:12:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(name, "w"); data/kmer-0~20150903+r2013/libkmer/positionDB-file.C:9:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[16] = { 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 'D', 'B', '.', 'v', '1', ' ', ' ', ' ' }; data/kmer-0~20150903+r2013/libkmer/positionDB-file.C:11:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char faild[16] = { 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 'D', 'B', 'f', 'a', 'i', 'l', 'e', 'd' }; data/kmer-0~20150903+r2013/libkmer/positionDB-file.C:19:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int F = open(filename, O_RDWR | O_CREAT | O_LARGEFILE, data/kmer-0~20150903+r2013/libkmer/positionDB-file.C:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cigam[16] = { 0 }; data/kmer-0~20150903+r2013/libkmer/positionDB-file.C:113:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int F = open(filename, O_RDONLY | O_LARGEFILE, 0); data/kmer-0~20150903+r2013/libkmer/positionDB-mismatch.C:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024] = {0}; data/kmer-0~20150903+r2013/libkmer/positionDB-mismatch.C:277:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_hashedErrors, strings, sizeof(uint64) * _hashedErrorsLen); data/kmer-0~20150903+r2013/libkmer/positionDB.C:476:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[33]; data/kmer-0~20150903+r2013/libkmer/test/test-maskonly.C:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char themer[1000]; data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Imagic[16] = {0}; data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Dmagic[16] = {0}; data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Pmagic[16] = {0}; data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:95:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32 version = atoi(Imagic + 13); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/kmer-0~20150903+r2013/libseq/fastaFile.C:207:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(H, h, hLen); data/kmer-0~20150903+r2013/libseq/fastaFile.C:231:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, s, sLen); data/kmer-0~20150903+r2013/libseq/fastaFile.C:321:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_typename, "FastA"); data/kmer-0~20150903+r2013/libseq/fastaFile.C:350:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *I = fopen(indexname, "r"); data/kmer-0~20150903+r2013/libseq/fastaFile.C:377:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _names = new char [_header._namesLength]; data/kmer-0~20150903+r2013/libseq/fastaFile.C:400:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexname[FILENAME_MAX]; data/kmer-0~20150903+r2013/libseq/fastaFile.C:405:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(indexname, "idx"); data/kmer-0~20150903+r2013/libseq/fastaFile.C:407:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(indexname, ".fastaidx"); data/kmer-0~20150903+r2013/libseq/fastaFile.C:481:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nt, _names, namesLen); data/kmer-0~20150903+r2013/libseq/fastaFile.C:496:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nt, _names, namesLen); data/kmer-0~20150903+r2013/libseq/fastaFile.C:540:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(et, _index, sizeof(fastaFileIndex) * indexLen); data/kmer-0~20150903+r2013/libseq/fastaFile.C:578:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *I = fopen(indexname, "w"); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:12:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_filename, "(stdin)"); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[32 + fl]; data/kmer-0~20150903+r2013/libseq/fastaStdin.C:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, _header, _headerLen + 1); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:141:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, _sequence, _sequenceLen + 1); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:170:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_typename, "FastAstream"); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:233:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(H, h, hLen); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:253:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, s, sLen); data/kmer-0~20150903+r2013/libseq/fastqFile.C:197:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(H, h, hLen); data/kmer-0~20150903+r2013/libseq/fastqFile.C:221:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, s, sLen); data/kmer-0~20150903+r2013/libseq/fastqFile.C:318:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_typename, "Fastq"); data/kmer-0~20150903+r2013/libseq/fastqFile.C:347:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *I = fopen(indexname, "r"); data/kmer-0~20150903+r2013/libseq/fastqFile.C:372:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _names = new char [_header._namesLength]; data/kmer-0~20150903+r2013/libseq/fastqFile.C:395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexname[FILENAME_MAX]; data/kmer-0~20150903+r2013/libseq/fastqFile.C:400:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(indexname, "idx"); data/kmer-0~20150903+r2013/libseq/fastqFile.C:402:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(indexname, ".fastqidx"); data/kmer-0~20150903+r2013/libseq/fastqFile.C:476:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nt, _names, namesLen); data/kmer-0~20150903+r2013/libseq/fastqFile.C:491:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nt, _names, namesLen); data/kmer-0~20150903+r2013/libseq/fastqFile.C:536:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(et, _index, sizeof(fastqFileIndex) * indexLen); data/kmer-0~20150903+r2013/libseq/fastqFile.C:586:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *I = fopen(indexname, "w"); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:12:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_filename, "(stdin)"); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[32 + fl]; data/kmer-0~20150903+r2013/libseq/fastqStdin.C:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, _header, _headerLen + 1); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:141:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, _sequence, _sequenceLen + 1); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:170:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_typename, "FastQstream"); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:233:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(H, h, hLen); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:253:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, s, sLen); data/kmer-0~20150903+r2013/libseq/merStream.H:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char merstring[256]; data/kmer-0~20150903+r2013/libseq/seqCache.H:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, _header, _headerLen + 1); data/kmer-0~20150903+r2013/libseq/seqCache.H:46:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, _seq, _seqLen + 1); data/kmer-0~20150903+r2013/libseq/seqFile.H:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _filename[FILENAME_MAX]; data/kmer-0~20150903+r2013/libseq/seqFile.H:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _typename[FILENAME_MAX]; data/kmer-0~20150903+r2013/libseq/seqStore.C:17:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(_filename, "r"); data/kmer-0~20150903+r2013/libseq/seqStore.C:70:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "r"); data/kmer-0~20150903+r2013/libseq/seqStore.C:154:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, _names + _index[iid]._hdrPosition, _index[iid]._hdrLength); data/kmer-0~20150903+r2013/libseq/seqStore.C:281:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_typename, "seqStore"); data/kmer-0~20150903+r2013/libseq/seqStore.C:313:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(_filename, "r"); data/kmer-0~20150903+r2013/libseq/seqStore.C:326:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _names = new char [_header._namesLength]; data/kmer-0~20150903+r2013/libseq/seqStore.C:395:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nb, BLOK, BLOKlen * sizeof(seqStoreBlock)); data/kmer-0~20150903+r2013/libseq/seqStore.C:441:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I, INDX, sizeof(seqStoreIndex) * nSequences); data/kmer-0~20150903+r2013/libseq/seqStore.C:473:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nm, NAME, sizeof(char) * NAMElen); data/kmer-0~20150903+r2013/libseq/seqStore.C:588:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "r+"); data/kmer-0~20150903+r2013/libseq/sffFile.C:108:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(name, "r"); data/kmer-0~20150903+r2013/libseq/sffFile.C:195:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_typename, "SFF"); data/kmer-0~20150903+r2013/libseq/sffFile.H:19:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[4]; data/kmer-0~20150903+r2013/libseq/sffFile.H:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flow_chars[SFF_NUMBER_OF_FLOWS_MAX]; // h->number_of_flows_per_read data/kmer-0~20150903+r2013/libseq/sffFile.H:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_sequence[SFF_KEY_SEQUENCE_MAX]; // h->key_length data/kmer-0~20150903+r2013/libseq/sffFile.H:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SFF_NAME_LENGTH_MAX]; // r->name_length data/kmer-0~20150903+r2013/libseq/sffFile.H:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bases[SFF_NUMBER_OF_BASES_MAX]; // r->number_of_bases data/kmer-0~20150903+r2013/libseq/sffFile.H:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char quality[SFF_NUMBER_OF_BASES_MAX]; // quality_scores converted to CA-format qv data/kmer-0~20150903+r2013/libseq/test-correctSequence.H:7:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[256]; data/kmer-0~20150903+r2013/libseq/test-correctSequence.H:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bases[4] = {'A', 'C', 'G', 'T'}; data/kmer-0~20150903+r2013/libseq/test-correctSequence.H:39:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen("test-correctSequence.fasta", "w"); data/kmer-0~20150903+r2013/libseq/test-correctSequence.H:45:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(correctSequence[i].header, "sequence%d", i); data/kmer-0~20150903+r2013/libseq/test-correctSequence.H:101:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. chainSeq = new char [maxLen + 1]; data/kmer-0~20150903+r2013/libseq/test-merStream.C:18:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char testmer[32]; data/kmer-0~20150903+r2013/libseq/test-merStream.C:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmerstr[256]; data/kmer-0~20150903+r2013/libseq/test-merStream.C:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rmerstr[256]; data/kmer-0~20150903+r2013/libseq/test-merStream.C:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmerstr[256]; data/kmer-0~20150903+r2013/libseq/test-merStream.C:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmerstr[256]; data/kmer-0~20150903+r2013/libseq/test/test-merstream-speed.C:25:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(argv[1], "r"); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:99:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AG,trace_AG[0][ORIGIN+DELTA],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:100:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AC,trace_AC[0][ORIGIN+DELTA],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:217:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:218:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:236:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:237:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:255:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:256:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:296:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AG,trace_AG[d][min_diag[d]],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:297:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_AC,trace_AC[d][min_diag[d]],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:362:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_GT,trace_GT[0][ORIGIN],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:363:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_CT,trace_CT[0][ORIGIN],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:483:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:484:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:500:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:501:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:519:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:520:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:561:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_GT,trace_GT[d][max_diag[d]],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/Xtend1.C:562:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&last_CT,trace_CT[d][max_diag[d]],sizeof(coords)); data/kmer-0~20150903+r2013/libsim4/sim4core/exon.H:146:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l, _list, sizeof(Exon**) * _listLen); data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:44:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line [ID_STRING_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:48:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (path, "r"))==NULL) { data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line [ID_STRING_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:414:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Clean_Exit_Msg_Line [MAX_ERROR_MSG_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:419:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (Clean_Exit_Msg_Line, data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:438:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Clean_Exit_Msg_Line [MAX_ERROR_MSG_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:443:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (Clean_Exit_Msg_Line, data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:460:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Clean_Exit_Msg_Line [MAX_ERROR_MSG_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:466:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (Clean_Exit_Msg_Line, data/kmer-0~20150903+r2013/libsim4/sim4core/mspManager.C:455:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char L[41], M[41], R[41]; data/kmer-0~20150903+r2013/libsim4/sim4core/poly.C:16:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encodingA[128]; data/kmer-0~20150903+r2013/libsim4/sim4core/poly.C:17:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encodingT[128]; data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.C:4:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mss_t::mss_t(char seed[32]) { data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.C:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seed_mask[2*seedLength+1]; data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.H:17:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mss_t(char seed[32]); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:7:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[50]; data/kmer-0~20150903+r2013/libsim4/sim4core/sim4command.C:263:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, _externalSeeds, sizeof(externalSeed) * _externalSeedsLen); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.C:37:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_spacedSeed, "111111111111"); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.C:38:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_spacedSeedInt, "11111111"); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.C:39:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_spacedSeedExt, "1111111111"); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _spacedSeed[SPACED_SEED_MAX_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _spacedSeedInt[SPACED_SEED_MAX_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _spacedSeedExt[SPACED_SEED_MAX_LEN]; data/kmer-0~20150903+r2013/libsim4/sim4core/sim4string.C:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char touppercache[256]; data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char part[10]; data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:467:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->val=atoi(part); data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:478:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->consens=atoi(part); data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:488:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->poz=atoi(part); data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:498:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->no=atoi(part); data/kmer-0~20150903+r2013/libsim4/sim4core/splice.C:62:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1000]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_estAlignment, orig->_estAlignment, sizeof(char) * len); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:38:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_genAlignment, orig->_genAlignment, sizeof(char) * len); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:84:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_comment, orig->_comment, sizeof(char) * len); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:90:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_estDefLine, orig->_estDefLine, sizeof(char) * len); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:96:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_genDefLine, orig->_genDefLine, sizeof(char) * len); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:58:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(gpp, "%c"uint32FMT" ", gaptyp, gapcnt); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:68:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(gpp, "%c"uint32FMT" ", gaptyp, gapcnt); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:80:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(gpp, "%c"uint32FMT" ", gaptyp, gapcnt); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:91:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(gpp, "%c"uint32FMT"", gaptyp, gapcnt); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:233:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(outc, "sim4end\n"); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:354:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(outc, "targetLen="uint32FMT";pA="uint32FMT";pT="uint32FMT";genRegion="uint32FMT"-"uint32FMT"\n", data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:36:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **lines = new char * [numLines + 1]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:55:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lines[curLine++], thisLine, sizeof(char) * (thisLineLen + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:73:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lines[curLine++], thisLine, sizeof(char) * (thisLineLen + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:115:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **lines = new char * [numLines + 1]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:135:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lines[curLine++], thisLine, sizeof(char) * (thisLineLen + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:160:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lines[curLine++], thisLine, sizeof(char) * (thisLineLen + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:16:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mOri[65]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:17:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sOri[65]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:140:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nnn, _exons, sizeof(sim4polishExon) * _numExons); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummybuf[1000]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-stringtopolish.C:414:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nnn, _exons, sizeof(sim4polishExon) * _numExons); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:84:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(it->_estDefLine, defline, sizeof(char) * (strlen(defline) + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:96:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(it->_genDefLine, defline, sizeof(char) * (strlen(defline) + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:176:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, ex, exPos * sizeof(sim4polishExon *)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:246:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(it->_exons + i, ex[i], sizeof(sim4polishExon)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[8] = {0}; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cigam[8] = { 's', '4', 'p', 'F', 'i', 'l', 'e', '1'}; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:137:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(nam, "r"); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cigam[8] = { 's', '4', 'p', 'F', 'i', 'l', 'e', '1'}; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:183:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(nam, "w"); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:235:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, _polishRecord, sizeof(polishRecord) * _polishRecordLen); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishList.C:46:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l, list, len * sizeof(sim4polish*)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishReader.C:22:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firstLine[1024]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:13:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base64[65] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-"; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:19:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_otName, "(hidden)"); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:24:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_otName, "(stdout)"); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:36:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _otFile = fopen(name, "w"); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.H:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _otName[FILENAME_MAX]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.H:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _sourceName[32]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.H:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _matchIDprefix[32]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.H:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _matchIDsalt[8]; data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:55:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(_name, data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:63:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(_name, data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:72:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(_name, data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:92:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[16] = { 'b', 'i', 't', 'P', 'a', 'c', 'k', 'e', 'd', 'F', 'i', 'l', 'e', 0, 0, 1 }; data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[16] = { 0 }; data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:124:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _bzFILE = fopen(_name, "r"); data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:277:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_bfr, _bfr + lastpos, sizeof(uint64) * lastlen); data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:24:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(filename, O_RDONLY | O_LARGEFILE); data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:202:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, _buffer + _bufferPos, sizeof(char) * len); data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:209:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, _buffer + _bufferPos, (_bufferLen - _bufferPos) * sizeof(char)); data/kmer-0~20150903+r2013/libutil/endianess.H:22:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[8]; data/kmer-0~20150903+r2013/libutil/endianess.H:26:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[4]; data/kmer-0~20150903+r2013/libutil/endianess.H:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[2]; data/kmer-0~20150903+r2013/libutil/file.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char template[PATH_MAX + 1]; data/kmer-0~20150903+r2013/libutil/file.c:64:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(template, "/XXXXXX"); data/kmer-0~20150903+r2013/libutil/file.c:66:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(template, "XXXXXX"); data/kmer-0~20150903+r2013/libutil/file.c:70:12: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fildes = mkstemp(template); data/kmer-0~20150903+r2013/libutil/file.c:126:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open(filename, openMode); data/kmer-0~20150903+r2013/libutil/file.c:189:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). srcFile = fopen(srcName, "r"); data/kmer-0~20150903+r2013/libutil/file.c:383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024] = { 0 };; data/kmer-0~20150903+r2013/libutil/file.c:439:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(path, mode); data/kmer-0~20150903+r2013/libutil/intervalList.H:32:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open; // If true, the start of a new interval data/kmer-0~20150903+r2013/libutil/intervalList.H:37:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return(open > that.open); data/kmer-0~20150903+r2013/libutil/intervalList.H:37:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return(open > that.open); data/kmer-0~20150903+r2013/libutil/intervalList.H:179:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_list, src._list, _listLen * sizeof(_intervalPair<iNum, iVal>)); data/kmer-0~20150903+r2013/libutil/intervalList.H:192:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l, _list, sizeof(_intervalPair<iNum, iVal>) * _listLen); data/kmer-0~20150903+r2013/libutil/intervalList.H:479:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(X, intervals, sizeof(uint32) * intervalsLen); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c:6:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char input_t[256]; data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c:45:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, str, sz); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c:271:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int dictnum = atoi(tok1); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c:284:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int dict1 = atoi(tok1), dict2 = atoi(tok2); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c:284:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int dict1 = atoi(tok1), dict2 = atoi(tok2); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/except-main.c:11:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/kmer-0~20150903+r2013/libutil/kazlib/drivers/hash-main.c:5:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char input_t[256]; data/kmer-0~20150903+r2013/libutil/kazlib/drivers/hash-main.c:39:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, str, sz); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/list-main.c:6:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char input_t[256]; data/kmer-0~20150903+r2013/libutil/kazlib/drivers/list-main.c:45:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, str, sz); data/kmer-0~20150903+r2013/libutil/kazlib/drivers/sfx-main.c:5:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expr_buf[256]; data/kmer-0~20150903+r2013/libutil/logMsg.H:44:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ll, _log, sizeof(char) * _logLen); data/kmer-0~20150903+r2013/libutil/md5.c:38:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; // input buffer data/kmer-0~20150903+r2013/libutil/md5.c:46:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void MD5Transform(uint32 [4], unsigned char const [64]); data/kmer-0~20150903+r2013/libutil/md5.c:68:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char PADDING[64] = { data/kmer-0~20150903+r2013/libutil/md5.c:137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[index], input, partLen); data/kmer-0~20150903+r2013/libutil/md5.c:149:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[index], &input[i], inputLen-i); data/kmer-0~20150903+r2013/libutil/md5.c:155:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void MD5Final (unsigned char digest[16], MD5_CTX *context) { data/kmer-0~20150903+r2013/libutil/md5.c:156:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bits[8]; data/kmer-0~20150903+r2013/libutil/md5.c:178:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void MD5Transform(uint32 state[4], unsigned char const block[64]) { data/kmer-0~20150903+r2013/libutil/md5.c:326:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dig[16]; data/kmer-0~20150903+r2013/libutil/md5.c:411:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dig[16]; data/kmer-0~20150903+r2013/libutil/readBuffer.C:30:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_filename, "(stdin)"); data/kmer-0~20150903+r2013/libutil/readBuffer.C:48:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = (_stdin) ? fileno(stdin) : open(_filename, O_RDONLY | O_LARGEFILE); data/kmer-0~20150903+r2013/libutil/readBuffer.C:80:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_filename, "(hidden file)"); data/kmer-0~20150903+r2013/libutil/readBuffer.C:203:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufchar, _buffer + _bufferPos, len); data/kmer-0~20150903+r2013/libutil/readBuffer.C:220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufchar, _buffer + _bufferPos, _bufferLen - _bufferPos); data/kmer-0~20150903+r2013/libutil/recordFile.C:60:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(_name, data/kmer-0~20150903+r2013/libutil/recordFile.C:87:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(_name, data/kmer-0~20150903+r2013/libutil/recordFile.C:96:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file = open(_name, data/kmer-0~20150903+r2013/libutil/recordFile.C:283:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(record, _bfr + _rec * _recordSize, _recordSize * num); data/kmer-0~20150903+r2013/libutil/recordFile.C:313:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_bfr + _rec * _recordSize, record, _recordSize * num); data/kmer-0~20150903+r2013/libutil/speedCounter.H:63:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *_spinr[4]; data/kmer-0~20150903+r2013/libutil/speedCounter.H:64:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *_liner[19]; data/kmer-0~20150903+r2013/libutil/splitToWords.H:50:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _cmd = new char [cmdChars]; data/kmer-0~20150903+r2013/libutil/splitToWords.H:55:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _arg = new char * [cmdWords]; data/kmer-0~20150903+r2013/libutil/test/order.C:10:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[8]; data/kmer-0~20150903+r2013/libutil/test/order.C:15:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[4]; data/kmer-0~20150903+r2013/libutil/test/order.C:20:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[2]; data/kmer-0~20150903+r2013/libutil/test/tcat.C:58:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). readBuf = atoi(argv[++arg]); data/kmer-0~20150903+r2013/libutil/test/tcat.C:61:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). writBuf = atoi(argv[++arg]); data/kmer-0~20150903+r2013/libutil/test/tcat.C:64:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). blockSize = atoi(argv[++arg]); data/kmer-0~20150903+r2013/libutil/test/test-bigQueue.C:44:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen("junk-bigQueue-out-1", "w"); data/kmer-0~20150903+r2013/libutil/test/test-bigQueue.C:59:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen("junk-bigQueue-out-2", "w"); data/kmer-0~20150903+r2013/libutil/test/test-bzipBuffer.C:71:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "r"); data/kmer-0~20150903+r2013/libutil/test/test-md5.c:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char r[33]; data/kmer-0~20150903+r2013/libutil/test/test-mmap.c:37:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen("mmap.test.junk", "w"); data/kmer-0~20150903+r2013/libutil/test/test-readBuffer.C:92:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "r"); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[570]; data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[123]; data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:25:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(h.s1, "this is the header"); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:30:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RF->header(), &h, sizeof(header_s)); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:32:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. r.t1 = 1; memset(r.s1, 0x66, 123); strcpy(r.s1, "record1"); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:35:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. r.t1 = 2; memset(r.s1, 0x66, 123); strcpy(r.s1, "record2"); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:38:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. r.t1 = 3; memset(r.s1, 0x66, 123); strcpy(r.s1, "record3"); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:41:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. r.t1 = 4; memset(r.s1, 0x66, 123); strcpy(r.s1, "record4"); data/kmer-0~20150903+r2013/libutil/test/test-recordFile.C:44:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. r.t1 = 5; memset(r.s1, 0x66, 123); strcpy(r.s1, "record5"); data/kmer-0~20150903+r2013/libutil/uint32List.H:28:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(L, _lst, sizeof(uint32) * _len); data/kmer-0~20150903+r2013/libutil/util.c:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rslt, orig, size); data/kmer-0~20150903+r2013/libutil/util.h:243:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[MD5_BUFFER_SIZE]; data/kmer-0~20150903+r2013/meryl/args.C:289:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mergeFiles = new char * [mergeFilesMax]; data/kmer-0~20150903+r2013/meryl/args.C:290:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. options = new char [2 * optionsLen + 1]; data/kmer-0~20150903+r2013/meryl/args.C:506:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "rb"); data/kmer-0~20150903+r2013/meryl/args.C:512:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[17] = {0}; data/kmer-0~20150903+r2013/meryl/args.C:566:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "wb"); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:74:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _cmd = new char [cmdChars]; data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:79:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _arg = new char * [cmdWords]; data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:290:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_list, src._list, _listLen * sizeof(_intervalPair)); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:302:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l, _list, sizeof(_intervalPair) * _listLen); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:507:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(X, intervals, sizeof(uint32) * intervalsLen); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:718:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024] = {0}; data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:724:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(depthname, "r"); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:767:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024 * 1024] = {0}; data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:772:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(depthname, "r"); data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:802:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024] = {0}; data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:807:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(depthname, "r"); data/kmer-0~20150903+r2013/meryl/build.C:106:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nam[1024]; data/kmer-0~20150903+r2013/meryl/build.C:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/kmer-0~20150903+r2013/meryl/build.C:112:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(nam, "w"); data/kmer-0~20150903+r2013/meryl/build.C:136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nam[1024]; data/kmer-0~20150903+r2013/meryl/build.C:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/kmer-0~20150903+r2013/meryl/build.C:142:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(nam, "w"); data/kmer-0~20150903+r2013/meryl/build.C:167:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(nam, "w"); data/kmer-0~20150903+r2013/meryl/build.C:412:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mstring[256]; data/kmer-0~20150903+r2013/meryl/compare-counts.C:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/compare-counts.C:209:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *outputGP = fopen(outputName, "w"); data/kmer-0~20150903+r2013/meryl/compare-counts.C:212:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *outputDAT = fopen(outputName, "w"); data/kmer-0~20150903+r2013/meryl/dump.C:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1025]; data/kmer-0~20150903+r2013/meryl/dump.C:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1025]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a1[1024]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a3[1024]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[1024]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b3[1024]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:463:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char C[2 * FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:493:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(filename, "r"); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char N[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:524:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(N, "w"); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:554:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->merSize = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:557:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->maxLength = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:571:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->minSize = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:574:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->extend = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:577:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numWorkers = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:769:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *H = fopen(g->outputHistogram, "w"); data/kmer-0~20150903+r2013/meryl/mapMers.C:185:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char merString[256]; data/kmer-0~20150903+r2013/meryl/maskMers.C:85:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(_maskMersName, ".maskMers"); data/kmer-0~20150903+r2013/meryl/maskMers.C:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _fastaName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/maskMers.C:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _merylName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/maskMers.C:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _maskMersName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/maskMers.C:130:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *maskMersFile = fopen(_maskMersName, "r"); data/kmer-0~20150903+r2013/meryl/maskMers.C:136:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _masking = new char * [_numSeq]; data/kmer-0~20150903+r2013/meryl/maskMers.C:150:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _masking[i] = new char [_seqLen[i]]; data/kmer-0~20150903+r2013/meryl/maskMers.C:171:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *maskMersFile = fopen(_maskMersName, "w"); data/kmer-0~20150903+r2013/meryl/maskMers.C:193:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _masking = new char * [_numSeq]; data/kmer-0~20150903+r2013/meryl/maskMers.C:203:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _masking[i] = new char [_seqLen[i]]; data/kmer-0~20150903+r2013/meryl/maskMers.C:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/maskMers.C:287:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile = fopen(outputName, "w"); data/kmer-0~20150903+r2013/meryl/maskMers.C:342:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/maskMers.C:365:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile = fopen(outputName, "w"); data/kmer-0~20150903+r2013/meryl/maskMers.C:368:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputData = fopen(outputName, "w"); data/kmer-0~20150903+r2013/meryl/maskMers.C:563:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). onlySeqIID = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/maskMers.C:572:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[arg+3]) > 0) { data/kmer-0~20150903+r2013/meryl/maskMers.C:574:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lib[libLen++].init(atoi(argv[arg+1]), atoi(argv[arg+2]), atoi(argv[arg+3])); data/kmer-0~20150903+r2013/meryl/maskMers.C:574:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lib[libLen++].init(atoi(argv[arg+1]), atoi(argv[arg+2]), atoi(argv[arg+3])); data/kmer-0~20150903+r2013/meryl/maskMers.C:574:66: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lib[libLen++].init(atoi(argv[arg+1]), atoi(argv[arg+2]), atoi(argv[arg+3])); data/kmer-0~20150903+r2013/meryl/merge.C:183:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, currentPositions, sizeof(uint32) * currentCount); data/kmer-0~20150903+r2013/meryl/merge.C:193:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(currentPositions + currentCount, R[thisFile]->thePositions(), sizeof(uint32) * thisCount); data/kmer-0~20150903+r2013/meryl/merge.listmerge.C:142:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, _pos, sizeof(uint32) * _posLen); data/kmer-0~20150903+r2013/meryl/merge.listmerge.C:394:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, currentPositions, sizeof(uint32) * currentCount); data/kmer-0~20150903+r2013/meryl/merge.listmerge.C:403:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(currentPositions + currentCount, thisPositions, sizeof(uint32) * thisCount); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:106:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, _mmm, sizeof(mMer) * _mmmLen); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:120:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, _mmm, sizeof(mMer) * _mmmLen); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:137:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, _pos, sizeof(uint32) * _posLen); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debugstring[256]; data/kmer-0~20150903+r2013/meryl/merge.qsort.C:185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debugstring2[256]; data/kmer-0~20150903+r2013/meryl/merge.qsort.C:418:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, currentPositions, sizeof(uint32) * currentCount); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:427:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(currentPositions + currentCount, thisPositions, sizeof(uint32) * thisCount); data/kmer-0~20150903+r2013/meryl/mervin.C:120:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nmermore, nmer, sizeof(uint64) * (npos + 1)); data/kmer-0~20150903+r2013/meryl/mervin.C:121:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ncntmore, ncnt, sizeof(uint32) * (npos + 1)); data/kmer-0~20150903+r2013/meryl/mervin.C:157:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nmermore, nmer, sizeof(uint64) * (npos + 1)); data/kmer-0~20150903+r2013/meryl/mervin.C:158:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ncntmore, ncnt, sizeof(uint32) * (npos + 1)); data/kmer-0~20150903+r2013/meryl/mervin.C:212:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char km[64] = {0}; data/kmer-0~20150903+r2013/meryl/mervin.C:528:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outName[FILENAME_MAX]; data/kmer-0~20150903+r2013/meryl/mervin.C:533:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(outName, "w"); data/kmer-0~20150903+r2013/meryl/simple.C:51:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). merSize = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/simple.C:69:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). merCompression = atoi(argv[++arg]); data/kmer-0~20150903+r2013/meryl/test/exhaustive.C:135:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/kmer-0~20150903+r2013/meryl/test/exhaustive.C:154:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/kmer-0~20150903+r2013/meryl/test/stupidcount.C:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/kmer-0~20150903+r2013/seagen/configuration.C:174:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _merSize = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:177:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _merSkip = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:180:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _numSearchThreads = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:232:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _maxDiagonal = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:235:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _maxGap = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:238:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _qsOverlap = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:241:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _dsOverlap = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:244:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _maxIntronLength = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:247:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _smallSequenceCutoff = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:250:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _minLengthSingle = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:253:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _minLengthMultiple = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:262:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _extendWeight = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:266:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _extendMinimum = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:270:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _loaderQueue = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:280:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _writerQueue = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seagen/configuration.C:320:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _outputFile = open(_outputFileName, data/kmer-0~20150903+r2013/seagen/configuration.C:332:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _matchCountsFile = open(_queryMatchFileName, data/kmer-0~20150903+r2013/seagen/encodedQuery.C:145:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mer1[65]; data/kmer-0~20150903+r2013/seagen/encodedQuery.C:146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mer2[65]; data/kmer-0~20150903+r2013/seagen/encodedQuery.C:169:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rev[2048]; data/kmer-0~20150903+r2013/seagen/encodedQuery.C:214:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, _output, _outputLen); data/kmer-0~20150903+r2013/seagen/encodedQuery.C:220:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_output + _outputLen, newout, size); data/kmer-0~20150903+r2013/seagen/filterEST.C:123:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uniqThresh = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seagen/filterEST.C:125:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). reptThresh = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seagen/filterEST.C:129:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logFile = fopen(argv[arg], "w"); data/kmer-0~20150903+r2013/seagen/filterMRNA.C:40:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ML = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seagen/filtertest.C:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hitLine[1025]; data/kmer-0~20150903+r2013/seagen/hitConverter.C:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[1025]; data/kmer-0~20150903+r2013/seagen/hitMatrix.C:640:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[128]; data/kmer-0~20150903+r2013/seagen/hitMatrix.C:642:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "-%c -e "uint32FMT" -D "uint32FMT" "uint32FMT" "uint32FMT" -M "uint32FMT" "uint32FMT" "uint32FMT"\n", data/kmer-0~20150903+r2013/seagen/hitReader.C:138:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_list, _list, _listLen * sizeof(hit_s)); data/kmer-0~20150903+r2013/seagen/hitReader.C:143:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&_list[_listLen].a, &_files[i].a, sizeof(aHit)); data/kmer-0~20150903+r2013/seagen/hitReader.C:234:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_list+cur, _list+exa, sizeof(hit_s)); data/kmer-0~20150903+r2013/seagen/hitReader.C:265:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_list+cur, _list+exa, sizeof(hit_s)); data/kmer-0~20150903+r2013/seagen/hitReader.H:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[1024]; data/kmer-0~20150903+r2013/seagen/misc/f.C:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[1024]; data/kmer-0~20150903+r2013/seagen/misc/f.C:40:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[0] = fopen("filteredHits.0", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:41:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[1] = fopen("filteredHits.1", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:42:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[2] = fopen("filteredHits.2", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:43:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[3] = fopen("filteredHits.3", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:44:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[4] = fopen("filteredHits.4", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:45:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[5] = fopen("filteredHits.5", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:46:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[6] = fopen("filteredHits.6", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:47:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[7] = fopen("filteredHits.7", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:48:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[8] = fopen("filteredHits.8", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:49:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[9] = fopen("filteredHits.9", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:50:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[10] = fopen("filteredHits.a", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:51:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf[11] = fopen("filteredHits.b", "w"); data/kmer-0~20150903+r2013/seagen/misc/f.C:58:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(argv[arg], "r"); data/kmer-0~20150903+r2013/seagen/misc/h.C:33:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[1024]; data/kmer-0~20150903+r2013/seagen/misc/h.C:43:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(argv[arg], "r"); data/kmer-0~20150903+r2013/seagen/sortHits.C:28:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). theFile = fopen(filename, "r"); data/kmer-0~20150903+r2013/seagen/sortHits.C:183:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). memoryLimit = atoi(argv[arg]); data/kmer-0~20150903+r2013/seagen/sortHits.C:220:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, tmpF, sizeof(aHitTemporary) * tmpFlen); data/kmer-0~20150903+r2013/seagen/sortHits.C:256:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, tmpF, sizeof(aHitTemporary) * tmpFlen); data/kmer-0~20150903+r2013/seagen/thr-output.C:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/kmer-0~20150903+r2013/seatac/configuration.C:129:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _merSize = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:132:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _merSkip = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:135:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _numSearchThreads = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:176:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _maxDiagonal = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:179:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _maxGap = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:182:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _qsOverlap = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:185:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _dsOverlap = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:188:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _minLength = atoi(argv[arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:190:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _loaderHighWaterMark = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seatac/configuration.C:198:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _writerHighWaterMark = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyId1[32]; data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyId2[32]; data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyIdD[4] = { 'U', 'N', 'K', 0 }; data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:217:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxJump = atoi(W.getWord(++arg)); data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyIdD[4] = { 'U', 'N', 'K', 0 }; data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:284:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxJump = atoi(W.getWord(++arg)); data/kmer-0~20150903+r2013/seatac/filter-nop.C:61:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(outstring, data/kmer-0~20150903+r2013/seatac/filter-nop.C:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outstring[512]; data/kmer-0~20150903+r2013/seatac/filter-nop.C:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[32], name2[32]; data/kmer-0~20150903+r2013/seatac/filterObj.H:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[32]; data/kmer-0~20150903+r2013/seatac/filterObj.H:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name2[32]; data/kmer-0~20150903+r2013/seatac/filterObj.H:76:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name1, "UNK"); data/kmer-0~20150903+r2013/seatac/filterObj.H:77:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name2, "UNK"); data/kmer-0~20150903+r2013/seatac/filterObj.H:151:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, theOutput, theOutputPos); data/kmer-0~20150903+r2013/seatac/filterObj.H:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchIDstring[32] = {0}; data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:48:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxJump = atoi(argv[++arg]); data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:58:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *inpF = fopen(inFileName, "r"); data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:59:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *outF = fopen(outFileName, "w"); data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuffer[BUFFERSIZE] = {0}; data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:91:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selfId[100]; data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:92:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parentId[100]; data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_ass1[100]; data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:94:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_ass2[100]; data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:138:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_stra1 = atoi(p+1); data/kmer-0~20150903+r2013/seatac/heavychains-driver.C:142:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_stra2 = atoi(p+1); data/kmer-0~20150903+r2013/seatac/heavychains.H:129:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, P, sizeof(Match) * Plen); data/kmer-0~20150903+r2013/seatac/heavychains.H:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(P+Plen, m, sizeof(Match)); data/kmer-0~20150903+r2013/seatac/heavychains.H:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyId1[32]; data/kmer-0~20150903+r2013/seatac/heavychains.H:142:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyId2[32]; data/kmer-0~20150903+r2013/seatac/heavychains.H:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyId1[32]; data/kmer-0~20150903+r2013/seatac/heavychains.H:208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assemblyId2[32]; data/kmer-0~20150903+r2013/seatac/seatac.C:19:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *threadStats[MAX_THREADS] = { 0L }; data/kmer-0~20150903+r2013/seatac/seatac.C:165:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int rf = open(config._outputFileName, data/kmer-0~20150903+r2013/seatac/seatac.H:162:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *threadStats[MAX_THREADS]; data/kmer-0~20150903+r2013/sim4db/sim4th.C:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[128]; data/kmer-0~20150903+r2013/sim4db/sim4th.C:358:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open(name, data/kmer-0~20150903+r2013/sim4db/sim4th.C:380:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setAlwaysReport(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:402:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setMinCoverage(atoi(argv[++arg]) / 100.0); data/kmer-0~20150903+r2013/sim4db/sim4th.C:406:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setMinPercentExonIdentity(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:410:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setMinCoverageLength(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:431:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setSpliceModel(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:449:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setRelinkWeight(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:452:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setMSPThreshold1(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:455:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setMSPThreshold2(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4db/sim4th.C:461:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sim4params.setMSPLimitAbsolute(atoi(argv[++arg])); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:100:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). splitFile = fopen(argv[arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:106:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). intronLimit = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:125:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *junkF = fopen("spl.junkfirst", "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:126:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *junkL = fopen("spl.junklast", "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:127:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *junkB = fopen("spl.junkboth", "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:128:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *splGap = fopen("spl.splitGap", "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:129:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *good = fopen("spl.good", "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes-20020626.C:130:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *flank = fopen("spl.flanking", "w"); data/kmer-0~20150903+r2013/sim4dbutils/cleanPolishes.C:128:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). intronLimit = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/comparePolishes.C:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/comparePolishes.C:85:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minI = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/comparePolishes.C:87:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minC = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/convertToExtent.C:98:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char E[1024], *Ep; data/kmer-0~20150903+r2013/sim4dbutils/convertToExtent.C:99:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char G[1024], *Gp; data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024] = {0}; data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:24:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(path, "r"); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:37:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32 idx = atoi(S[8] + taglength + 1); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:38:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32 beg = atoi(S[9]); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:39:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32 len = atoi(S[10]); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:44:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). idx = atoi(S[4] + taglength + 1); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:45:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). beg = atoi(S[5]); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:46:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). len = atoi(S[6]); data/kmer-0~20150903+r2013/sim4dbutils/coveragehack.C:64:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(path, "r"); data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lastdefline[1024] = { 0 }; data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spaces[QUERY_LENGTH+1]; data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lines[QUERY_LENGTH+1]; data/kmer-0~20150903+r2013/sim4dbutils/detectChimera.C:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char equals[QUERY_LENGTH+1]; data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:53:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minC = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:56:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minI = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:59:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minL = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:62:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minExons = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:65:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxExons = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:88:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cdna = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:91:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). geno = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:98:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). doSegregationLo = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:99:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). doSegregationHi = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/filterPolishes.C:239:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/kmer-0~20150903+r2013/sim4dbutils/headPolishes.C:25:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numToPrint = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/headPolishes.C:31:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numToPrint = atoi(argv[arg] + 1); data/kmer-0~20150903+r2013/sim4dbutils/mappedCoverage.C:83:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). C = fopen(covname, "w"); data/kmer-0~20150903+r2013/sim4dbutils/mappedCoverage.C:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inLine[1024]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:23:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **inMatchName = new char * [argc]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:24:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **inSeqName = new char * [argc]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:41:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. inMatchName[numIn] = (char *)argv[arg++]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:42:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. inSeqName[numIn] = (char *)argv[arg++]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:49:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. otMatchName = (char *)argv[arg++]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:50:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. otSeqName = (char *)argv[arg++]; data/kmer-0~20150903+r2013/sim4dbutils/mergePolishes.C:76:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *O = fopen(otSeqName, "w"); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:127:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return(atoi(p) + positionOffset); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:418:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). percentID = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:421:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). percentCO = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:428:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). validSNPMapFile = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:433:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:459:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). positionOffset = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:462:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). outputFormat = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/parseSNP.C:550:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, P, sizeof(sim4polish *) * pAlloc); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:18:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seqName[SEQNAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:21:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char refName[SEQNAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:49:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[1024]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:118:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[1024]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:184:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[1024]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:306:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distMin = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:307:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distMax = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:311:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minIdent = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:314:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minLength = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:317:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minCoverage = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:349:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *IN = fopen(mateMaps[mm], "r"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:353:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LL[10240]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:376:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *IN = fopen(in1extent[ii], "r"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:394:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *IN = fopen(in1coords[ii], "r"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:404:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *IN = fopen(in2extent[ii], "r"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:422:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *IN = fopen(in2coords[ii], "r"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:432:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *IN = fopen(incoords[ii], "r"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10240]; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:450:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *LOG = fopen(name, "w"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:453:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *DUP = fopen(name, "w"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:456:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *STA = fopen(name, "w"); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPolish.C:378:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pAlloc = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPolish.C:422:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, P, sizeof(sim4polish *) * pAlloc); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:519:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mergeNames = new char * [mergeFilesMax]; data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:556:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024] = {0}; data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:576:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sFile = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:581:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024] = {0}; data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:671:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, P, sizeof(sim4polish *) * pAlloc); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish.C:352:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, P, sizeof(sim4polish *) * pAlloc); data/kmer-0~20150903+r2013/sim4dbutils/plotCoverageVsIdentity.C:24:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *C = fopen("coverage.histogram", "w"); data/kmer-0~20150903+r2013/sim4dbutils/plotCoverageVsIdentity.C:25:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *I = fopen("identity.histogram", "w"); data/kmer-0~20150903+r2013/sim4dbutils/plotCoverageVsIdentity.C:26:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *S = fopen("c-vs-i.scatter", "w"); data/kmer-0~20150903+r2013/sim4dbutils/plotIntronSize.C:32:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dumpSize = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/plotIntronSize.C:34:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). all = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/plotIntronSize.C:40:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). big = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C:42:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mergeTolerancePerc = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C:44:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mergeToleranceBase = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C:46:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mergeLog = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/removeDuplicate.C:120:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, P, sizeof(sim4polish *) * pAlloc); data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datName[FILENAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gnuName[FILENAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pngName[FILENAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gnuCmd[FILENAME_MAX]; data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:75:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *DAT = fopen(datName, "w"); data/kmer-0~20150903+r2013/sim4dbutils/reportAlignmentDifferences.C:79:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *GNU = fopen(gnuName, "w"); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, q, sizeof(sim4polish)); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:47:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->_estDefLine, q->_estDefLine, sizeof(char) * l); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:52:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->_genDefLine, q->_genDefLine, sizeof(char) * l); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:59:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->_exons, q->_exons, sizeof(sim4polishExon) * q->_numExons); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:68:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->_exons[i]._estAlignment, q->_exons[i]._estAlignment, sizeof(char) * l); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:75:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->_exons[i]._genAlignment, q->_exons[i]._genAlignment, sizeof(char) * l); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:125:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **mergeNames = new char * [mergeFilesMax]; data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:159:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). upperAlloc = atoi(argv[arg]); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:255:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(P, p, sizeof(sim4polish *) * pMax); data/kmer-0~20150903+r2013/sim4dbutils/summarizePolishes.C:131:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numSeqs = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/summarizePolishes.C:137:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id[idLen++] = atoi(argv[arg++]); data/kmer-0~20150903+r2013/sim4dbutils/summarizePolishes.C:142:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cv[cvLen++] = atoi(argv[arg++]); data/kmer-0~20150903+r2013/sim4dbutils/trimExons.C:43:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). trimmedFile = fopen(argv[arg], "w"); data/kmer-0~20150903+r2013/sim4dbutils/trimExons.C:170:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&save, p->exons+0, sizeof(sim4polishExon)); data/kmer-0~20150903+r2013/sim4dbutils/trimExons.C:173:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->exons+i-1, p->exons+i, sizeof(sim4polishExon)); data/kmer-0~20150903+r2013/sim4dbutils/trimExons.C:175:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->exons+p->numExons-1, &save, sizeof(sim4polishExon)); data/kmer-0~20150903+r2013/sim4dbutils/trimSequencesBasedOnMatches.C:28:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pfile = fopen(argv[++arg], "r"); data/kmer-0~20150903+r2013/sim4dbutils/uniqPolishes.C:81:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, P, sizeof(sim4polish *) * pAlloc); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:92:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). foundMax = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:94:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minI = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:96:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minC = atoi(argv[++arg]); data/kmer-0~20150903+r2013/sim4dbutils/vennPolishes.C:98:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dumpIID = atoi(argv[++arg]); data/kmer-0~20150903+r2013/snapper/hitMatrix.C:388:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, theHits, theHitsPos * sizeof(aHit)); data/kmer-0~20150903+r2013/snapper/snapper2.C:42:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(name, "wb"); data/kmer-0~20150903+r2013/snapper/snapper2.C:425:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). resultFILE = open(config._outputFileName, data/kmer-0~20150903+r2013/snapper/snapper2.C:434:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logmsgFILE = open(config._logmsgFileName, data/kmer-0~20150903+r2013/snapper/snapper2.H:425:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, _hits, sizeof(uint64) * _hitsLen); data/kmer-0~20150903+r2013/snapper/thr-polish-dp.C:91:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. alignA = new char [aMax + bMax + 1]; data/kmer-0~20150903+r2013/snapper/thr-polish-dp.C:92:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. alignB = new char [bMax + bMax + 1]; data/kmer-0~20150903+r2013/snapper/thr-polish-dp.C:444:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, qry->theOutput, sizeof(char) * qry->theOutputLen); data/kmer-0~20150903+r2013/snapper/thr-polish-dp.C:449:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qry->theOutput + qry->theOutputLen, pstr, sizeof(char) * l); data/kmer-0~20150903+r2013/snapper/thr-polish.C:314:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, qry->theOutput, sizeof(char) * qry->theOutputLen); data/kmer-0~20150903+r2013/snapper/thr-polish.C:319:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qry->theOutput + qry->theOutputLen, pstr, sizeof(char) * l); data/kmer-0~20150903+r2013/tapper/tagger.C:37:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char seqhdr[1024]; data/kmer-0~20150903+r2013/tapper/tagger.C:38:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char seqseq[1024]; data/kmer-0~20150903+r2013/tapper/tagger.C:39:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char qlthdr[1024]; data/kmer-0~20150903+r2013/tapper/tagger.C:40:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char qltseq[1024]; data/kmer-0~20150903+r2013/tapper/tagger.C:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seqtst[1024]; data/kmer-0~20150903+r2013/tapper/tagger.C:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seqa[265], seqb[256]; data/kmer-0~20150903+r2013/tapper/tagger.C:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char quaa[256], quab[256]; data/kmer-0~20150903+r2013/tapper/tagger.C:297:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cor[64] = {0}; data/kmer-0~20150903+r2013/tapper/tagger.C:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq[64] = {0}; data/kmer-0~20150903+r2013/tapper/tagger.C:301:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acgt[4] = {'A', 'C', 'G', 'T'}; data/kmer-0~20150903+r2013/tapper/tagger.C:343:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errors[256] = {0}; data/kmer-0~20150903+r2013/tapper/tagger.C:344:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errort[256] = {0}; data/kmer-0~20150903+r2013/tapper/tagger.C:353:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errort, "\t%c->%c@%02d", o, seq[e], e); data/kmer-0~20150903+r2013/tapper/tagger.C:382:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fseq = fopen(tagfseq, "r"); data/kmer-0~20150903+r2013/tapper/tagger.C:383:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fqlt = fopen(tagfqlt, "r"); data/kmer-0~20150903+r2013/tapper/tagger.C:406:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *rseq = fopen(tagrseq, "r"); data/kmer-0~20150903+r2013/tapper/tagger.C:407:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *rqlt = fopen(tagrqlt, "r"); data/kmer-0~20150903+r2013/tapper/tagger.C:441:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fragout[FILENAME_MAX]; data/kmer-0~20150903+r2013/tapper/tagger.C:442:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mateout[FILENAME_MAX]; data/kmer-0~20150903+r2013/tapper/tapper.C:145:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _tagCOREC[TAG_LEN_MAX]; // For holding corrected color calls, only to generate ACGT align data/kmer-0~20150903+r2013/tapper/tapper.C:608:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->resultFragment[i]._qual._tag1colorDiffs, data/kmer-0~20150903+r2013/tapper/tapper.C:762:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *df = fopen("tapper.DEBUG_MATES.err", "w"); data/kmer-0~20150903+r2013/tapper/tapper.C:915:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(f->_qual._tag1colorDiffs, data/kmer-0~20150903+r2013/tapper/tapper.C:952:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(f->_qual._tag2colorDiffs, data/kmer-0~20150903+r2013/tapper/tapper.C:990:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->_qual._tag1colorDiffs, data/kmer-0~20150903+r2013/tapper/tapper.C:993:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->_qual._tag2colorDiffs, data/kmer-0~20150903+r2013/tapper/tapper.C:1090:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->maxMemory = atoi(argv[++arg]); data/kmer-0~20150903+r2013/tapper/tapper.C:1093:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->numThreads = atoi(argv[++arg]); data/kmer-0~20150903+r2013/tapper/tapperComputation.H:153:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nits, tag1hits, sizeof(tapperHit) * tag1hitsLen); data/kmer-0~20150903+r2013/tapper/tapperComputation.H:162:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nits, tag2hits, sizeof(tapperHit) * tag2hitsLen); data/kmer-0~20150903+r2013/tapper/tapperComputation.H:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag1fseq[TAG_LEN_MAX], tag1rseq[TAG_LEN_MAX]; data/kmer-0~20150903+r2013/tapper/tapperComputation.H:187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag2fseq[TAG_LEN_MAX], tag2rseq[TAG_LEN_MAX]; data/kmer-0~20150903+r2013/tapper/tapperGlobalData.H:100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colName[FILENAME_MAX]; data/kmer-0~20150903+r2013/tapper/tapperGlobalData.H:202:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *CF = fopen(colorname, "w"); data/kmer-0~20150903+r2013/tapper/tapperHit.H:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _tagCOLOR[TAG_LEN_MAX]; data/kmer-0~20150903+r2013/tapper/tapperHit.H:224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _refCOLOR[TAG_LEN_MAX]; data/kmer-0~20150903+r2013/tapper/tapperHit.H:226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _tagACGT[TAG_LEN_MAX]; data/kmer-0~20150903+r2013/tapper/tapperHit.H:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _refACGT[TAG_LEN_MAX]; data/kmer-0~20150903+r2013/tapper/tapperResult.H:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cor[128]; data/kmer-0~20150903+r2013/tapper/tapperResult.H:397:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lines[1024][256]; data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:172:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lines[l] + rec->_pos - winLo + 25, " %c "uint16FMTW(05)"-"uint16FMTW(05)"-"uint16FMTW(05)"-"uint16FMTW(05)" ", data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:257:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(linp, " M:%c@%02d(%07d)", data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:267:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(linp, " E:%c@%02d(%07d)", data/kmer-0~20150903+r2013/tapper/tappermerge.C:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inputs[8192]; data/kmer-0~20150903+r2013/tapper/tappersort.C:56:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ali[aliLen]._colorDiffs, data/kmer-0~20150903+r2013/tapper/tappersort.C:76:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ali[aliLen]._colorDiffs, data/kmer-0~20150903+r2013/tapper/tappersort.C:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ali[aliLen]._colorDiffs, data/kmer-0~20150903+r2013/tapper/tappersort.C:125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ali[aliLen]._colorDiffs, data/kmer-0~20150903+r2013/tapper/tappersort.C:140:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; data/kmer-0~20150903+r2013/tapper/tappersort.C:168:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inputs[8192]; data/kmer-0~20150903+r2013/tapper/tappersort.C:245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; data/kmer-0~20150903+r2013/trie/trie.C:114:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile = fopen(argv[++arg], "w"); data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halign.C:415:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len1 = strlen(s1); data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halign.C:416:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len2 = strlen(s2); data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halignDriver.C:38:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(seq1), data/kmer-0~20150903+r2013/atac-driver/chainer/halign/halignDriver.C:39:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(seq2), data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C:513:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aseg, aseq+abeg, alen); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C:514:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bseg, bseq+bbeg, blen); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C:519:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((int)strlen(bseg) != blen) || data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C:520:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((int)strlen(aseg) != alen)) { data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C:521:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr,"EXCEPTION strlen(aseg)=%d alen=%d abeg=%d\n", (int)strlen(aseg), alen, abeg); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_loverlapper.C:522:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr,"EXCEPTION strlen(bseg)=%d blen=%d bbeg=%d\n", (int)strlen(bseg), blen, bbeg); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:49:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*seg,seq+beg,end-beg); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:51:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(strlen(*seg) - (end-beg) == 0); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:84:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(aseg),(int)strlen(bseg), alen,blen); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:84:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(aseg),(int)strlen(bseg), alen,blen); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:91:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(aseg),(int)strlen(bseg), alen,blen); data/kmer-0~20150903+r2013/atac-driver/chainer/localalign/GF_ALN_pieceOlap.C:91:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(aseg),(int)strlen(bseg), alen,blen); data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C:342:7: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(C.parentuid, "."); data/kmer-0~20150903+r2013/atac-driver/clumpMaker/clumpMaker.C:379:7: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hits[mm].match.parentuid, "."); data/kmer-0~20150903+r2013/atac-driver/gapShifter/cleanAtac.C:155:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, a, m->len1); data/kmer-0~20150903+r2013/atac-driver/gapShifter/cleanAtac.C:159:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, b, m->len1); data/kmer-0~20150903+r2013/atac-driver/gapShifter/testAtac.C:95:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, a, m->len1); data/kmer-0~20150903+r2013/atac-driver/gapShifter/testAtac.C:99:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, b, m->len1); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.C:50:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(matchuid, muid, 16); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.C:51:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(parentuid, puid, 16); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.C:100:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(matchuid, S[2], 16); data/kmer-0~20150903+r2013/atac-driver/libatac/atacMatch.C:101:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(parentuid, S[3], 16); data/kmer-0~20150903+r2013/atac-driver/libatac/fasta-accessor.H:48:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _len = (uint32)strlen(S); data/kmer-0~20150903+r2013/atac-driver/matchExtender/match.H:40:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_matchId, matchId, 32); data/kmer-0~20150903+r2013/leaff/leaff.C:226:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 l = strlen(seq); data/kmer-0~20150903+r2013/leaff/leaff.C:338:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = B.read(); data/kmer-0~20150903+r2013/leaff/leaff.C:346:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = B.read(); data/kmer-0~20150903+r2013/leaff/leaff.C:353:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = B.read(); data/kmer-0~20150903+r2013/leaff/leaff.C:599:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int al = strlen(argv[arg+1]); data/kmer-0~20150903+r2013/libbio/kmer.C:54:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _templateSpan = strlen(tm); data/kmer-0~20150903+r2013/libbio/test/halign-test.C:19:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s1), strlen(s2), data/kmer-0~20150903+r2013/libbio/test/halign-test.C:19:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s1), strlen(s2), data/kmer-0~20150903+r2013/libbio/test/halign-test.C:45:52: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. fprintf(stdout, "mismatch=%d gap=%d match=%d\n", mismatch, gap, match); data/kmer-0~20150903+r2013/libbio/test/test-bigmer-msf.C:134:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mseq + i * TEST_SIZE, copy, TEST_SIZE); data/kmer-0~20150903+r2013/libkmer/driver-existDB.C:24:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *prefixfilename = new char [strlen(prefix) + 32]; data/kmer-0~20150903+r2013/libkmer/existDB-create-from-sequence.C:38:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 tblBits = logBaseTwo64(strlen(sequence)); data/kmer-0~20150903+r2013/libkmer/existDB-create-from-sequence.C:67:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new seqStream(sequence, strlen(sequence)), data/kmer-0~20150903+r2013/libkmer/existDB-create-from-sequence.C:205:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new seqStream(sequence, strlen(sequence)), data/kmer-0~20150903+r2013/libkmer/existDB-state.C:24:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cigam, magic, 16); data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:22:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *inpath = new char [strlen(fn) + 8]; data/kmer-0~20150903+r2013/libmeryl/libmeryl.C:201:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *outpath = new char [strlen(fn) + 17]; data/kmer-0~20150903+r2013/libseq/fastaFile.C:75:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = r->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:78:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = r->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:181:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:185:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:195:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:199:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:211:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:217:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:236:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:271:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:275:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:286:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:290:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:297:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:305:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:403:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 l = strlen(_filename); data/kmer-0~20150903+r2013/libseq/fastaFile.C:440:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:453:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:474:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:490:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:507:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:515:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:532:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaFile.C:556:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:50:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 fl = strlen(filename); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:101:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(strlen(_sequence)); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:206:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:210:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:220:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:224:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:237:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:243:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastaStdin.C:258:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:75:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = r->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:78:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = r->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:171:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:175:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:185:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:189:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:201:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:207:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:226:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:236:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:237:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:239:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:268:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:272:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:283:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:287:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:294:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:302:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:398:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 l = strlen(_filename); data/kmer-0~20150903+r2013/libseq/fastqFile.C:435:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:448:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:469:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:485:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:502:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:510:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:527:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:559:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:560:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:562:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqFile.C:564:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = ib.read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:50:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 fl = strlen(filename); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:101:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(strlen(_sequence)); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:206:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:210:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:220:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:224:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:237:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:243:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:258:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:268:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:269:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/fastqStdin.C:271:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = _rb->read(); data/kmer-0~20150903+r2013/libseq/selftest.C:19:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(s) != SF->getSequenceLength(sid)) || data/kmer-0~20150903+r2013/libseq/selftest.C:20:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(s) != sLen) || data/kmer-0~20150903+r2013/libseq/selftest.C:23:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sid, h, strlen(s), sLen, SF->getSequenceLength(sid)); data/kmer-0~20150903+r2013/libseq/selftest.C:39:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) != SF->getSequenceLength(sid)) { data/kmer-0~20150903+r2013/libseq/selftest.C:41:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sid, strlen(p), SF->getSequenceLength(sid)); data/kmer-0~20150903+r2013/libseq/sffFile.C:19:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(&_header, 31); data/kmer-0~20150903+r2013/libseq/sffFile.C:36:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(_header.flow_chars, sizeof(char) * _header.number_of_flows_per_read); data/kmer-0~20150903+r2013/libseq/sffFile.C:37:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(_header.key_sequence, sizeof(char) * _header.key_length); data/kmer-0~20150903+r2013/libseq/sffFile.C:55:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(&_read, 16); data/kmer-0~20150903+r2013/libseq/sffFile.C:139:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(&_read, 16); data/kmer-0~20150903+r2013/libseq/sffFile.C:154:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(_read.name, sizeof(char) * _read.name_length); data/kmer-0~20150903+r2013/libseq/sffFile.C:165:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(_read.bases, sizeof(char) * _read.number_of_bases); data/kmer-0~20150903+r2013/libseq/test-correctSequence.H:47:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). correctSequence[i].headerLength = strlen(correctSequence[i].header); data/kmer-0~20150903+r2013/libseq/test-merStream.C:80:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reverseComplementSequence(rmerstr, strlen(rmerstr)); data/kmer-0~20150903+r2013/libseq/test-merStream.C:115:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmerstr, correctSequence[piid].sequence + pseq, mersize); data/kmer-0~20150903+r2013/libseq/test-merStream.C:135:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmerstr, chainSeq + pstr + piid * sepLen, mersize); data/kmer-0~20150903+r2013/libseq/test-seqCache.C:33:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(S->sequence()) != correctSequence[sid].sequenceLength) { data/kmer-0~20150903+r2013/libseq/test-seqCache.C:34:121: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr, "testID:"uint32FMT" - sequence length differs strlen "uint32FMT" vs "uint32FMT"\n", testID, (uint32)strlen(S->sequence()), correctSequence[sid].sequenceLength); data/kmer-0~20150903+r2013/libseq/test-seqStream.C:174:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 sie = strlen(chainSeq); data/kmer-0~20150903+r2013/libseq/test/test-merstream-speed.C:28:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(F), C->tick(); data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:235:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (s, buff, n); data/kmer-0~20150903+r2013/libsim4/sim4core/glimmerSplice.C:363:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (buff, w, fixed.length); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.C:10:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seedLength = strlen(seed); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1_s.C:36:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maskSeedLength = strlen(seed_mask); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:20:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy((char *)(tmp+2),(char *)_estSeq,(size_t)sig->pos2-1); data/kmer-0~20150903+r2013/libsim4/sim4core/sim4b1a.C:42:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy((char *)(tmp+2),(char *)(_estSeq+sig->pos2), data/kmer-0~20150903+r2013/libsim4/sim4core/sim4parameters.H:74:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(z) < SPACED_SEED_MAX_LEN); data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:279:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(Data) >= SITE_LEN); data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:374:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(Data) >= SITE_LEN); data/kmer-0~20150903+r2013/libsim4/sim4core/sites.C:456:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=strlen(line); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:30:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(orig->_estAlignment) + 1; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:36:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(orig->_genAlignment) + 1; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:82:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(orig->_comment) + 1; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:88:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(orig->_estDefLine) + 1; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-copy.C:94:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(orig->_genDefLine) + 1; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-deleteexon.C:79:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alignmentLength += 2 * strlen(ed); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:43:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 lenref = strlen(ref); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:44:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 lentgt = strlen(tgt); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:147:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((_comment) ? strlen(_comment) : 0) + data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:148:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((_estDefLine) ? strlen(_estDefLine) : 0) + data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:149:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((_genDefLine) ? strlen(_genDefLine) : 0)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:153:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spaceNeeded += 2 * strlen(_exons[i]._estAlignment); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:278:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((_comment) ? strlen(_comment) : 0) + data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:279:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((_estDefLine) ? strlen(_estDefLine) : 0) + data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:280:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((_genDefLine) ? strlen(_genDefLine) : 0)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:284:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spaceNeeded += 2 * strlen(_exons[i]._estAlignment); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-polishtostring.C:384:37: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. default: sprintf(outc, "\n"); break; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:42:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisLineLen = rb->read(thisLine, thisLineMax, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:48:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisLineLen = rb->read(thisLine, thisLineMax, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:61:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisLineLen = rb->read(thisLine, thisLineMax, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:121:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisLineLen = rb->read(thisLine, thisLineMax, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:128:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisLineLen = rb->read(thisLine, thisLineMax, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polish-read.C:146:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisLineLen = rb->read(thisLine, thisLineMax, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:83:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). it->_estDefLine = new char [strlen(defline) + 1]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:84:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(it->_estDefLine, defline, sizeof(char) * (strlen(defline) + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:95:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). it->_genDefLine = new char [strlen(defline) + 1]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:96:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(it->_genDefLine, defline, sizeof(char) * (strlen(defline) + 1)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:223:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ex[exAli]->_estAlignment = (char *)memdup(estalign, (strlen(estalign) + 1) * sizeof(char)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishBuilder.C:224:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ex[exAli]->_genAlignment = (char *)memdup(genalign, (strlen(genalign) + 1) * sizeof(char)); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:39:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _path = new char [strlen(path) + 1]; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:130:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(_path) + 32; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishFile.C:177:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(_path) + 32; data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishReader.C:25:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _rb->read(firstLine, 1024, '\n'); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:29:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > FILENAME_MAX) data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:33:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_otName, name, FILENAME_MAX); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:143:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lastSlash) > 32) data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:146:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_sourceName, lastSlash, 32); data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:154:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(prefix) > 32) data/kmer-0~20150903+r2013/libsim4/sim4polish/sim4polishWriter.C:157:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_matchIDprefix, prefix, 32); data/kmer-0~20150903+r2013/libutil/bigQueue.C:32:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _saveFile = new char [strlen(filename) + 1]; data/kmer-0~20150903+r2013/libutil/bigQueue.C:36:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tmpPath = new char [strlen(tmppath) + 1]; data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:16:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _name = new char [strlen(name) + 1]; data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:101:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr += read(_file, c, sizeof(char) * 16); data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:102:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr += read(_file, &ac, sizeof(uint64)); data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:103:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr += read(_file, &bc, sizeof(uint64)); data/kmer-0~20150903+r2013/libutil/bitPackedFile.C:374:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t wordsread = read(_file, _bfr, sizeof(uint64) * _bfrmax); data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:17:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _filename = new char [strlen(filename) + 1]; data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:141:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _bzip2stream.avail_in = (uint32)::read(_file, _bzip2in, sizeof(char) * _bzip2bufferMax); data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:171:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bzipBuffer::read(char *buf, size_t len) { data/kmer-0~20150903+r2013/libutil/bzipBuffer.C:215:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bAct = (uint32)::read(_file, buf + bCopied + bRead, (len - bCopied - bRead) * sizeof(char)); data/kmer-0~20150903+r2013/libutil/bzipBuffer.H:20:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read(char *buf, size_t len); // read the next len bytes into the user buffer buf data/kmer-0~20150903+r2013/libutil/file.c:262:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *)malloc(sizeof(char) * (strlen(path) + 1)); data/kmer-0~20150903+r2013/libutil/file.c:335:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). written = read(filedes, ((char *)buffer) + position, toread); data/kmer-0~20150903+r2013/libutil/file.c:367:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strcmp(path + strlen(path) - 4, ".bz2") == 0) || data/kmer-0~20150903+r2013/libutil/file.c:368:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strcmp(path + strlen(path) - 3, ".gz") == 0))) { data/kmer-0~20150903+r2013/libutil/file.c:390:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(path + strlen(path) - 4, ".bz2") == 0) data/kmer-0~20150903+r2013/libutil/file.c:392:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(path + strlen(path) - 3, ".gz") == 0) data/kmer-0~20150903+r2013/libutil/kazlib/drivers/dict-main.c:42:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = strlen(str) + 1; data/kmer-0~20150903+r2013/libutil/kazlib/drivers/hash-main.c:36:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = strlen(str) + 1; data/kmer-0~20150903+r2013/libutil/kazlib/drivers/list-main.c:42:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = strlen(str) + 1; data/kmer-0~20150903+r2013/libutil/kazlib/sfx.c:72:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctx->size = strlen((const char *) expr) + 1; data/kmer-0~20150903+r2013/libutil/readBuffer.C:39:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _filename = new char [strlen(filename) + 1]; data/kmer-0~20150903+r2013/libutil/readBuffer.C:128:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _bufferLen = (uint64)::read(_file, _buffer, _bufferMax); data/kmer-0~20150903+r2013/libutil/readBuffer.C:180:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBuffer::read(void *buf, uint64 len) { data/kmer-0~20150903+r2013/libutil/readBuffer.C:226:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bAct = (uint64)::read(_file, bufchar + bCopied + bRead, len - bCopied - bRead); data/kmer-0~20150903+r2013/libutil/readBuffer.C:247:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBuffer::read(void *buf, uint64 maxlen, char stop) { data/kmer-0~20150903+r2013/libutil/readBuffer.H:15:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char read(void); data/kmer-0~20150903+r2013/libutil/readBuffer.H:16:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint64 read(void *buf, uint64 len); data/kmer-0~20150903+r2013/libutil/readBuffer.H:17:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint64 read(void *buf, uint64 maxlen, char stop); data/kmer-0~20150903+r2013/libutil/readBuffer.H:71:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBuffer::read(void) { data/kmer-0~20150903+r2013/libutil/recordFile.C:22:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _name = new char [strlen(name) + 1]; data/kmer-0~20150903+r2013/libutil/recordFile.C:112:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, &m1, sizeof(uint64)); data/kmer-0~20150903+r2013/libutil/recordFile.C:113:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, &m2, sizeof(uint64)); data/kmer-0~20150903+r2013/libutil/recordFile.C:114:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, &_numRecords, sizeof(uint64)); data/kmer-0~20150903+r2013/libutil/recordFile.C:115:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, &_recordSize, sizeof(uint32)); data/kmer-0~20150903+r2013/libutil/recordFile.C:116:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, &_headerSize, sizeof(uint32)); data/kmer-0~20150903+r2013/libutil/recordFile.C:117:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, _header, sizeof(char) * _headerSize); data/kmer-0~20150903+r2013/libutil/recordFile.C:231:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(_file, _bfr, _recordSize * _bfrmax); data/kmer-0~20150903+r2013/libutil/test/endianess.c:80:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fprintf(stderr, "usage: %s [ write | read ] < source > check\n", argv[0]); data/kmer-0~20150903+r2013/libutil/test/test-bzipBuffer.C:39:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bufferLen = B->read(buffer, bufferSize); data/kmer-0~20150903+r2013/libutil/test/test-md5.c:28:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_toascii(md5_string(&m, str, strlen(str)), r); data/kmer-0~20150903+r2013/libutil/test/test-readBuffer.C:18:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (char x = B->read(); !B->eof(); x = B->read()) { data/kmer-0~20150903+r2013/libutil/test/test-readBuffer.C:18:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (char x = B->read(); !B->eof(); x = B->read()) { data/kmer-0~20150903+r2013/libutil/test/test-readBuffer.C:49:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bufferLen = B->read(buffer, bufferSize); data/kmer-0~20150903+r2013/meryl/args.C:18:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (uint32)strlen(str) + 1; data/kmer-0~20150903+r2013/meryl/args.C:64:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = (uint32)strlen(str); data/kmer-0~20150903+r2013/meryl/args.C:284:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optionsLen += strlen(argv[arg]) + 1; data/kmer-0~20150903+r2013/meryl/args.C:502:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *filename = new char [strlen(prefix) + 17]; data/kmer-0~20150903+r2013/meryl/args.C:562:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename = new char [strlen(outputFile) + 17]; data/kmer-0~20150903+r2013/meryl/asmMerQC-regions.C:818:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (uint32 z=strlen(W[0])-1; z--; ) data/kmer-0~20150903+r2013/meryl/build.C:341:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *filename = new char [strlen(args->outputFile) + 17]; data/kmer-0~20150903+r2013/meryl/build.C:531:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *batchOutputFile = new char [strlen(args->outputFile) + 33]; data/kmer-0~20150903+r2013/meryl/build.C:782:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argv[argc] = new char [strlen(args->outputFile) + 33]; data/kmer-0~20150903+r2013/meryl/build.C:804:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *filename = new char [strlen(args->outputFile) + 17]; data/kmer-0~20150903+r2013/meryl/build.C:821:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *filename = new char [strlen(args->outputFile) + 17]; data/kmer-0~20150903+r2013/meryl/kmer-mask.C:74:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). aLength = strlen(a2); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:88:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bLength = strlen(b2); data/kmer-0~20150903+r2013/meryl/kmer-mask.C:465:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32 L = (filename == NULL) ? 0 : strlen(filename); data/kmer-0~20150903+r2013/meryl/merge.listmerge.C:109:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(merylStreamReader *R, uint32 num, bool loadAll) { data/kmer-0~20150903+r2013/meryl/merge.listmerge.C:280:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], maxSize / args->mergeFilesLen, loadAll); data/kmer-0~20150903+r2013/meryl/merge.listmerge.C:319:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], additionalLoading, loadAll); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:99:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(merylStreamReader *R, uint32 num) { data/kmer-0~20150903+r2013/meryl/merge.qsort.C:223:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], 1 + i); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:259:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], maxSize / args->mergeFilesLen); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:268:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], 2 * 1024); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:332:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], additionalLoading); data/kmer-0~20150903+r2013/meryl/merge.qsort.C:343:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). M->read(R[i], 2 * 1024); data/kmer-0~20150903+r2013/meryl/mervin.C:610:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char ch = glob->inBuffer->read(); data/kmer-0~20150903+r2013/meryl/mervin.C:628:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint32 len = glob->inBuffer->read(glob->inputBuffer, glob->inputBufferMax); data/kmer-0~20150903+r2013/seagen/aHit.C:16:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). F->read((char *)a, sizeof(aHit)); data/kmer-0~20150903+r2013/seagen/configuration.C:163:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). configuration::read(int argc, char **argv) { data/kmer-0~20150903+r2013/seagen/configuration.H:94:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(int argc, char **argv); data/kmer-0~20150903+r2013/seagen/hitConverter.C:68:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = (char)fgetc(stdin); data/kmer-0~20150903+r2013/seagen/misc/f.C:66:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = (char)fgetc(file); data/kmer-0~20150903+r2013/seagen/misc/h.C:51:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = (char)fgetc(file); data/kmer-0~20150903+r2013/seagen/searchGENOME.C:20:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). config.read(argc, argv); data/kmer-0~20150903+r2013/seagen/sortHits.C:34:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = (char)fgetc(theFile); data/kmer-0~20150903+r2013/seagen/test/encodedQueryTest.C:25:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seqInCore *S = new seqInCore(i, hdr, strlen(hdr), seq, 9999); data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:152:57: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. * 1 default thread blocked kern usleep SCHED_OTHER 19 data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:155:57: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. > 2 <anonymous> blocked kern usleep SCHED_OTHER 19 data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:264:57: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. > 2 <anonymous> blocked kern usleep SCHED_OTHER 19 data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:274:57: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. >* 1 default thread blocked kern usleep SCHED_OTHER 19 data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:291:57: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. >* 4 <anonymous> blocked kern usleep SCHED_OTHER 19 data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:347:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 38 exc read rwl Normal data/kmer-0~20150903+r2013/seagen/thr-deadlock.C:434:57: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. >* 4 <anonymous> blocked kern usleep SCHED_OTHER 19 data/kmer-0~20150903+r2013/seagen/thr-output.C:62:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(config._matchCountsFile, str, strlen(str)); data/kmer-0~20150903+r2013/seatac/configuration.C:123:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). configuration::read(int argc, char **argv) { data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:79:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(assemblyId1, assemblyid1, 31); data/kmer-0~20150903+r2013/seatac/filter-heavychains.C:80:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(assemblyId2, assemblyid2, 31); data/kmer-0~20150903+r2013/seatac/filter-nop.C:39:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name1, n1, 31); data/kmer-0~20150903+r2013/seatac/filter-nop.C:40:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name2, n2, 31); data/kmer-0~20150903+r2013/seatac/filterObj.H:80:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soOpts = new char [strlen(op_) + 1]; data/kmer-0~20150903+r2013/seatac/filterObj.H:87:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name1, W.getWord(++arg), 31); data/kmer-0~20150903+r2013/seatac/filterObj.H:89:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name2, W.getWord(++arg), 31); data/kmer-0~20150903+r2013/seatac/heavychains.H:53:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(assemblyId1, assemblyid1, 31); data/kmer-0~20150903+r2013/seatac/heavychains.H:54:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(assemblyId2, assemblyid2, 31); data/kmer-0~20150903+r2013/seatac/heavychains.H:169:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(assemblyId1, assemblyid1, 31); // Note the cap 'i' data/kmer-0~20150903+r2013/seatac/heavychains.H:170:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(assemblyId2, assemblyid2, 31); data/kmer-0~20150903+r2013/seatac/seatac.C:51:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). config.read(argc, argv); data/kmer-0~20150903+r2013/seatac/seatac.H:128:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(int argc, char **argv); data/kmer-0~20150903+r2013/seatac/sharedObj.H:19:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = new char [strlen(p) + 1]; data/kmer-0~20150903+r2013/seatac/statObj.H:50:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soOpts = new char [strlen(op_) + 1]; data/kmer-0~20150903+r2013/sim4db/sim4th.C:85:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char x = scriptFile->read(); data/kmer-0~20150903+r2013/sim4db/sim4th.C:90:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = scriptFile->read(); data/kmer-0~20150903+r2013/sim4db/sim4th.C:105:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = scriptFile->read(); data/kmer-0~20150903+r2013/sim4db/sim4th.C:316:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fOutput, o, strlen(o) * sizeof(char)); data/kmer-0~20150903+r2013/sim4db/sim4th.C:332:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fYesNo, str, strlen(str) * sizeof(char)); data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C:39:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(a) - 1; data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C:71:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(a) - 1; data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C:264:26: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. while ((aPos > mismatch) && data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C:275:22: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (mLen > mismatch) { data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C:276:21: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mLen -= mismatch; data/kmer-0~20150903+r2013/sim4dbutils/convertToAtac.C:295:21: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mLen += mismatch; data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:65:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(W[0]) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:68:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(W[6]) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:71:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(W[0]) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:72:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(W[6]) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:92:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p->_estDefLine) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:95:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p->_genDefLine) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:98:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(p->_estDefLine) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:99:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(p->_genDefLine) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:157:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(W[9]) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:160:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(W[10]) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:163:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(W[9]) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:164:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(W[10]) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:228:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(W[9]) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:231:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(W[10]) >= SEQNAME_MAX) data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:234:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(W[9]) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickBestPair.C:235:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(W[10]) < SEQNAME_MAX); data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:559:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[arg] + strlen(argv[arg]) - 4, ".bz2") == 0) { data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:563:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strcmp(argv[arg] + strlen(argv[arg]) - 3, ".gz") == 0) { data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:584:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[arg] + strlen(argv[arg]) - 4, ".bz2") == 0) data/kmer-0~20150903+r2013/sim4dbutils/pickUniquePolish-nhgri.C:586:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strcmp(argv[arg] + strlen(argv[arg]) - 3, ".gz") == 0) data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C:203:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s1, EST->getSequenceInCore(p->_estID)->sequence() + p->_exons[i]._estFrom - 1, l1); data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C:204:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s2, GEN->getSequenceInCore(p->_genID)->sequence() + p->_exons[i]._genFrom - 1, l2); data/kmer-0~20150903+r2013/sim4dbutils/realignPolishes.C:207:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s1, EST->getSequenceInCore(p->_estID)->sequence() + p->_estLen - p->_exons[i]._estTo, l1); data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:45:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(q->_estDefLine) + 1; data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:50:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(q->_genDefLine) + 1; data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:66:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(q->_exons[i]._estAlignment) + 1; data/kmer-0~20150903+r2013/sim4dbutils/sortPolishes.C:73:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(q->_exons[i]._genAlignment) + 1; data/kmer-0~20150903+r2013/snapper/configuration.C:80:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). configuration::read(int argc, char **argv) { data/kmer-0~20150903+r2013/snapper/snapper2.C:221:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). config.read(argc, argv); data/kmer-0~20150903+r2013/snapper/snapper2.H:85:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(int argc, char **argv); data/kmer-0~20150903+r2013/snapper/thr-polish-dp.C:433:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 l = (uint32)strlen(pstr); data/kmer-0~20150903+r2013/snapper/thr-polish.C:303:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 l = (uint32)strlen(pstr); data/kmer-0~20150903+r2013/tapper/tagger.C:115:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(seqtst); data/kmer-0~20150903+r2013/tapper/tapper.C:203:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_refACGT, seq + po_in, _len-1); data/kmer-0~20150903+r2013/tapper/tapperComputation.H:42:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag1size = strlen(tag1fseq); data/kmer-0~20150903+r2013/tapper/tapperComputation.H:66:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag2size = strlen(tag2fseq); data/kmer-0~20150903+r2013/tapper/tapperResult.H:465:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(tapperResult *align) { data/kmer-0~20150903+r2013/tapper/tapperTag.H:67:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(seq); data/kmer-0~20150903+r2013/tapper/tapperconvert.C:60:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (inp->read(res)) { data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:160:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #warning need the real read size here data/kmer-0~20150903+r2013/tapper/tappererrorcorrect.C:177:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineLen[l] = strlen(lines[l]); // Convert that trailing nul into a whitespace. data/kmer-0~20150903+r2013/tapper/tappermerge.C:50:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (inp->read(res)) data/kmer-0~20150903+r2013/tapper/tappersort.C:211:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (inp->read(res)) { ANALYSIS SUMMARY: Hits = 1488 Lines analyzed = 99411 in approximately 5.82 seconds (17080 lines/second) Physical Source Lines of Code (SLOC) = 69127 Hits@level = [0] 3476 [1] 346 [2] 818 [3] 5 [4] 319 [5] 0 Hits@level+ = [0+] 4964 [1+] 1488 [2+] 1142 [3+] 324 [4+] 319 [5+] 0 Hits/KSLOC@level+ = [0+] 71.8099 [1+] 21.5256 [2+] 16.5203 [3+] 4.68703 [4+] 4.61469 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.