Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/libgff-2.0.0/include/GArgs.h
Examining data/libgff-2.0.0/include/GBase.h
Examining data/libgff-2.0.0/include/GFaSeqGet.h
Examining data/libgff-2.0.0/include/GFastaIndex.h
Examining data/libgff-2.0.0/include/GStr.h
Examining data/libgff-2.0.0/include/codons.h
Examining data/libgff-2.0.0/include/gdna.h
Examining data/libgff-2.0.0/include/gff.h
Examining data/libgff-2.0.0/src/GArgs.cpp
Examining data/libgff-2.0.0/src/GBase.cpp
Examining data/libgff-2.0.0/src/GFaSeqGet.cpp
Examining data/libgff-2.0.0/src/GFastaIndex.cpp
Examining data/libgff-2.0.0/src/GStr.cpp
Examining data/libgff-2.0.0/src/TestGFFParse.cpp
Examining data/libgff-2.0.0/src/codons.cpp
Examining data/libgff-2.0.0/src/gdna.cpp
Examining data/libgff-2.0.0/src/gff.cpp

FINAL RESULTS:

data/libgff-2.0.0/include/GBase.h:36:11: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  #ifndef popen

data/libgff-2.0.0/include/GBase.h:37:12: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  #define popen _popen

data/libgff-2.0.0/include/GBase.h:114:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "Error: "); fprintf(stderr, a); \

data/libgff-2.0.0/include/GFaSeqGet.h:243:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s+slen, gseqname);

data/libgff-2.0.0/src/GBase.cpp:21:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg,"%s(%d): ASSERT(%s) failed.\n",filename,lineno,expression);

data/libgff-2.0.0/src/GBase.cpp:37:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, arguments); // if a console is available

data/libgff-2.0.0/src/GBase.cpp:45:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr,format,arguments);

data/libgff-2.0.0/src/GBase.cpp:61:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format , arguments); // if a console is available

data/libgff-2.0.0/src/GBase.cpp:69:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr,format,arguments);

data/libgff-2.0.0/src/GBase.cpp:125:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copy,str);

data/libgff-2.0.0/src/GBase.cpp:197:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(gpath,path);

data/libgff-2.0.0/src/GBase.cpp:354:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str,newvalue);

data/libgff-2.0.0/src/GStr.cpp:40:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->chars, str);

data/libgff-2.0.0/src/GStr.cpp:402:11: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  int len=vsprintf(buf,fmt,arguments);

data/libgff-2.0.0/src/GStr.cpp:419:3: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf,fmt,arguments);

data/libgff-2.0.0/src/GStr.cpp:774:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest, s);

data/libgff-2.0.0/src/GStr.cpp:821:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest, s);

data/libgff-2.0.0/src/GStr.cpp:832:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest, s);

data/libgff-2.0.0/src/GStr.cpp:870:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ::strcpy(&data->chars[idx], &my_data->chars[idx+len]);

data/libgff-2.0.0/src/GStr.cpp:899:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ::strcpy(&data->chars[idx+s.length()], &my_data->chars[idx+len]);

data/libgff-2.0.0/src/GStr.cpp:932:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ::strcpy(&data->chars[idx+s_length], &my_data->chars[idx+len]);

data/libgff-2.0.0/src/GStr.cpp:956:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ::strcpy(&data->chars[idx+s.length()], &my_data->chars[idx]);

data/libgff-2.0.0/src/GStr.cpp:981:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ::strcpy(&data->chars[idx+s_length], &my_data->chars[idx]);

data/libgff-2.0.0/src/GStr.cpp:1241:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fTokenDelimiter, delimiter);

data/libgff-2.0.0/src/gff.cpp:1347:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, id);

data/libgff-2.0.0/src/gff.cpp:1349:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf+idlen+1, ctg);

data/libgff-2.0.0/src/gff.cpp:1910:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new_attr_name, prefix);

data/libgff-2.0.0/src/gff.cpp:1911:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new_attr_name, attr_name);

data/libgff-2.0.0/src/gff.cpp:2329:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(fout,format,arguments);

data/libgff-2.0.0/include/GBase.h:438:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fArray, a.fArray, sizeof(OBJ)* a.fCapacity);

data/libgff-2.0.0/include/GBase.h:453:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fArray, a.fArray, sizeof(OBJ)*a.fCount);

data/libgff-2.0.0/include/GBase.h:509:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fArray+fCount, arr, count*sizeof(OBJ));

data/libgff-2.0.0/include/GBase.h:516:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fArray+fCount, arr.fArray, arr.fCount*sizeof(OBJ));

data/libgff-2.0.0/include/GBase.h:626:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f=fopen(fname, "rb");

data/libgff-2.0.0/include/GFaSeqGet.h:175:15: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fainame+fainamelen, ".fai");

data/libgff-2.0.0/include/GFaSeqGet.h:200:36: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fcreate=fopen(fainame, "w");

data/libgff-2.0.0/include/GFaSeqGet.h:208:39: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fcreate=fopen(fainamecwd, "w"))==NULL)

data/libgff-2.0.0/include/GFaSeqGet.h:247:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(s+slen, ".fa");

data/libgff-2.0.0/include/GFaSeqGet.h:250:24: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (!fileExists(s)) { strcpy(s+slen, "sta"); slen+=3; }

data/libgff-2.0.0/include/GStr.h:184:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chars[1];

data/libgff-2.0.0/include/codons.h:10:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nuc[3];

data/libgff-2.0.0/include/gff.h:100:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(outs, "%.*f", precision, score);

data/libgff-2.0.0/include/gff.h:281:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(line, l.line, llen+1);

data/libgff-2.0.0/include/gff.h:283:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dupline, l.dupline, llen+1);

data/libgff-2.0.0/include/gff.h:294:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_parents, l._parents, _parents_len);

data/libgff-2.0.0/include/gff.h:1280:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh=fopen(fname, "rb");

data/libgff-2.0.0/src/GBase.cpp:20:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[4096];

data/libgff-2.0.0/src/GBase.cpp:33:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[4096];

data/libgff-2.0.0/src/GBase.cpp:58:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[4096];

data/libgff-2.0.0/src/GBase.cpp:233:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (mode==NULL) f=fopen(path, "rb");

data/libgff-2.0.0/src/GBase.cpp:234:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else f=fopen(path, mode);

data/libgff-2.0.0/src/GBase.cpp:345:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(subs, str, newlen-1);

data/libgff-2.0.0/src/GBase.cpp:924:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char retbuf[48];

data/libgff-2.0.0/src/GFaSeqGet.cpp:23:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)&newsq[qto], (void*)&sq[qfrom], sovl);

data/libgff-2.0.0/src/GFaSeqGet.cpp:31:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh=fopen(fn,"rb");

data/libgff-2.0.0/src/GFaSeqGet.cpp:45:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh=fopen(faname,"rb");

data/libgff-2.0.0/src/GFaSeqGet.cpp:261:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)r,(void*)gs, clen);

data/libgff-2.0.0/src/GFaSeqGet.cpp:315:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)seqp, (void*)smem, reqrlen);

data/libgff-2.0.0/src/GFaSeqGet.cpp:333:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)(&seqp[sublen]), (void*)(&smem[mp]), line_len);

data/libgff-2.0.0/src/GFaSeqGet.cpp:348:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)(&seqp[sublen]), (void*)(&smem[mp]), letters_toread);

data/libgff-2.0.0/src/GFastaIndex.cpp:35:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fi=fopen(fai_name,"rb");

data/libgff-2.0.0/src/GFastaIndex.cpp:71:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fa=fopen(fa_name,"rb");

data/libgff-2.0.0/src/GFastaIndex.cpp:149:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fai=fopen(finame, "w");

data/libgff-2.0.0/src/GStr.cpp:92:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, my_data->length);

data/libgff-2.0.0/src/GStr.cpp:167:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:168:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%d",i);

data/libgff-2.0.0/src/GStr.cpp:171:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(chrs(), buf, len);

data/libgff-2.0.0/src/GStr.cpp:180:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:181:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%f",f);

data/libgff-2.0.0/src/GStr.cpp:184:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(chrs(), buf, len);

data/libgff-2.0.0/src/GStr.cpp:232:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars, s, len);

data/libgff-2.0.0/src/GStr.cpp:238:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:239:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%f",f);

data/libgff-2.0.0/src/GStr.cpp:242:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars, buf, len);

data/libgff-2.0.0/src/GStr.cpp:248:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:249:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%d",i);

data/libgff-2.0.0/src/GStr.cpp:252:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars, buf, len);

data/libgff-2.0.0/src/GStr.cpp:319:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:320:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%d",i);

data/libgff-2.0.0/src/GStr.cpp:325:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:326:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%u",i);

data/libgff-2.0.0/src/GStr.cpp:331:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:332:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%ld",l);

data/libgff-2.0.0/src/GStr.cpp:337:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:338:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%lu", l);

data/libgff-2.0.0/src/GStr.cpp:343:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[30];

data/libgff-2.0.0/src/GStr.cpp:344:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%f",f);

data/libgff-2.0.0/src/GStr.cpp:406:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(chrs(), buf, len);

data/libgff-2.0.0/src/GStr.cpp:441:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, &my_data->chars[istart], newlen);

data/libgff-2.0.0/src/GStr.cpp:460:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, & (my_data->chars[istart]), newlen);

data/libgff-2.0.0/src/GStr.cpp:550:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, &my_data->chars[istart], newlen);

data/libgff-2.0.0/src/GStr.cpp:568:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, &my_data->chars[istart], newlen);

data/libgff-2.0.0/src/GStr.cpp:584:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&data->chars[len-length()], my_data->chars, my_data->length);

data/libgff-2.0.0/src/GStr.cpp:593:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:606:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&data->chars[istart], my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:622:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), s1, s1_length);

data/libgff-2.0.0/src/GStr.cpp:623:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&(newstring.chrs())[s1_length], s2.chars(), s2.length());

data/libgff-2.0.0/src/GStr.cpp:638:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:639:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&(newstring.chrs())[length()], s.chars(), s.length());

data/libgff-2.0.0/src/GStr.cpp:655:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:656:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&(newstring.chrs())[length()], s, s_length);

data/libgff-2.0.0/src/GStr.cpp:662:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/libgff-2.0.0/src/GStr.cpp:663:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", i);

data/libgff-2.0.0/src/GStr.cpp:667:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:668:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&(newstring.chrs())[length()], buf, s_length);

data/libgff-2.0.0/src/GStr.cpp:673:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];

data/libgff-2.0.0/src/GStr.cpp:674:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%c", c);

data/libgff-2.0.0/src/GStr.cpp:678:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:679:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&(newstring.chrs())[length()], buf, s_length);

data/libgff-2.0.0/src/GStr.cpp:684:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[30];

data/libgff-2.0.0/src/GStr.cpp:685:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%f", f);

data/libgff-2.0.0/src/GStr.cpp:689:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), my_data->chars, length());

data/libgff-2.0.0/src/GStr.cpp:690:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&(newstring.chrs())[length()], buf, s_length);

data/libgff-2.0.0/src/GStr.cpp:730:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(newstring.chrs(), &my_data->chars[idx], len);

data/libgff-2.0.0/src/GStr.cpp:769:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest,s,p-s);

data/libgff-2.0.0/src/GStr.cpp:816:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest,s,p-s);

data/libgff-2.0.0/src/GStr.cpp:825:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest,s,p-s); //copy up rto the match

data/libgff-2.0.0/src/GStr.cpp:827:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest,rto,tl); //put the replacement string

data/libgff-2.0.0/src/GStr.cpp:840:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p,rto,l);

data/libgff-2.0.0/src/GStr.cpp:869:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, idx);

data/libgff-2.0.0/src/GStr.cpp:892:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&chrs()[idx], s.chars(), len);

data/libgff-2.0.0/src/GStr.cpp:896:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, idx);

data/libgff-2.0.0/src/GStr.cpp:898:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&data->chars[idx], s.chars(), s.length());

data/libgff-2.0.0/src/GStr.cpp:925:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&chrs()[idx], s, len);

data/libgff-2.0.0/src/GStr.cpp:929:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, idx);

data/libgff-2.0.0/src/GStr.cpp:931:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&data->chars[idx], s, s_length);

data/libgff-2.0.0/src/GStr.cpp:954:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, idx);

data/libgff-2.0.0/src/GStr.cpp:955:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&data->chars[idx], s.chars(), s.length());

data/libgff-2.0.0/src/GStr.cpp:979:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(data->chars, my_data->chars, idx);

data/libgff-2.0.0/src/GStr.cpp:980:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(&data->chars[idx], s, s_length);

data/libgff-2.0.0/src/GStr.cpp:1015:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars, s, len);

data/libgff-2.0.0/src/GStr.cpp:1023:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars+my_data->length, s, len);

data/libgff-2.0.0/src/GStr.cpp:1078:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars, m, len);

data/libgff-2.0.0/src/GStr.cpp:1087:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(my_data->chars + my_data->length, m, len);

data/libgff-2.0.0/src/GStr.cpp:1271:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(token.chrs(), &my_data->chars[fLastTokenStart], tlen);

data/libgff-2.0.0/src/GStr.cpp:1306:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
::memcpy(token.chrs(), &my_data->chars[fLastTokenStart], tlen); data/libgff-2.0.0/src/GStr.cpp:1358:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, readbuf, numread); data/libgff-2.0.0/src/GStr.cpp:1363:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data->chars[acc_len], readbuf, numread); data/libgff-2.0.0/src/GStr.cpp:1407:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[24]; data/libgff-2.0.0/src/GStr.cpp:1431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[24]; data/libgff-2.0.0/src/codons.cpp:3:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char codonTable[32768]; //32K table for fasta codon decoding data/libgff-2.0.0/src/gdna.cpp:16:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char v_2bit2nt[4] = {'A','C','G','T'}; data/libgff-2.0.0/src/gff.cpp:181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line, l, llen+1); data/libgff-2.0.0/src/gff.cpp:183:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dupline, l, llen+1); data/libgff-2.0.0/src/gff.cpp:374:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line, l, llen+1); data/libgff-2.0.0/src/gff.cpp:376:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dupline, l, llen+1); data/libgff-2.0.0/src/gff.cpp:382:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnamelc[128]; data/libgff-2.0.0/src/gff.cpp:732:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(track,"jigsaw"); data/libgff-2.0.0/src/gff.cpp:2904:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char dbuf[DBUF_LEN]; data/libgff-2.0.0/include/GFaSeqGet.h:167:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fainamelen=strlen(fainame); data/libgff-2.0.0/include/GFaSeqGet.h:234:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int gnl=strlen(gseqname); data/libgff-2.0.0/include/GFaSeqGet.h:236:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen=strlen(s); data/libgff-2.0.0/include/GStr.h:164:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read(FILE* stream, const char* delimiter="\n", size_t bufsize=4096); data/libgff-2.0.0/include/gff.h:99:20: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. if (precision<0) sprintf(outs, "."); data/libgff-2.0.0/src/GArgs.cpp:22:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fmtlen=strlen(format); data/libgff-2.0.0/src/GArgs.cpp:68:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int alen=strlen(p); data/libgff-2.0.0/src/GBase.cpp:124:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
GMALLOC(copy, strlen(str)+1+xtracap); data/libgff-2.0.0/src/GBase.cpp:141:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(copy, sfrom, sto-sfrom+1); data/libgff-2.0.0/src/GBase.cpp:169:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int blen=strlen(templ); data/libgff-2.0.0/src/GBase.cpp:181:24: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mode_t process_mask = umask(0); //is this really needed? data/libgff-2.0.0/src/GBase.cpp:186:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(process_mask); data/libgff-2.0.0/src/GBase.cpp:189:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int plen=strlen(path); data/libgff-2.0.0/src/GBase.cpp:198:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(gpath, "/"); data/libgff-2.0.0/src/GBase.cpp:221:4: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(process_mask); data/libgff-2.0.0/src/GBase.cpp:227:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(process_mask); data/libgff-2.0.0/src/GBase.cpp:353:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
GMALLOC(str, strlen(newvalue)+1); data/libgff-2.0.0/src/GBase.cpp:379:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p=str+strlen(str)-1; data/libgff-2.0.0/src/GBase.cpp:399:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c=getc(stream))!=EOF) { data/libgff-2.0.0/src/GBase.cpp:402:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c=getc(stream))!='\n') ungetc(c,stream); data/libgff-2.0.0/src/GBase.cpp:428:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c=getc(stream))!=EOF) { data/libgff-2.0.0/src/GBase.cpp:433:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c=getc(stream))!='\n') ungetc(c,stream); data/libgff-2.0.0/src/GBase.cpp:459:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int l=strlen(s); data/libgff-2.0.0/src/GBase.cpp:467:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len=strlen(str); data/libgff-2.0.0/src/GBase.cpp:477:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len=strlen(str); data/libgff-2.0.0/src/GBase.cpp:515:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l=strlen(substr); data/libgff-2.0.0/src/GBase.cpp:516:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* p=(char*)str+strlen(str)-l; data/libgff-2.0.0/src/GBase.cpp:532:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(substr); data/libgff-2.0.0/src/GBase.cpp:533:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* smax=(char*)str+strlen(str)-l; data/libgff-2.0.0/src/GBase.cpp:564:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int j=strlen(suffix)-1; data/libgff-2.0.0/src/GBase.cpp:565:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i=strlen(s)-1; data/libgff-2.0.0/src/GBase.cpp:574:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int j=strlen(suffix)-1; data/libgff-2.0.0/src/GBase.cpp:575:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i=strlen(s)-1; data/libgff-2.0.0/src/GBase.cpp:584:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int j=strlen(suffix)-1; data/libgff-2.0.0/src/GBase.cpp:585:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i=strlen(s)-1; data/libgff-2.0.0/src/GBase.cpp:598:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int j=strlen(suffix)-1; data/libgff-2.0.0/src/GBase.cpp:599:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i=strlen(s)-1; data/libgff-2.0.0/src/GBase.cpp:611:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (slen==0) slen=strlen(str); data/libgff-2.0.0/src/GBase.cpp:628:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(substr); data/libgff-2.0.0/src/GFaSeqGet.cpp:77:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c=getc(fh); data/libgff-2.0.0/src/GFaSeqGet.cpp:83:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c=getc(fh))!=EOF) { data/libgff-2.0.0/src/GFaSeqGet.cpp:97:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c=getc(fh))!=EOF) { data/libgff-2.0.0/src/GFaSeqGet.cpp:111:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c=getc(fh))!=EOF) { data/libgff-2.0.0/src/GFaSeqGet.cpp:125:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c=getc(fh))!=EOF) { data/libgff-2.0.0/src/GStr.cpp:36:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len=strlen(str); data/libgff-2.0.0/src/GStr.cpp:169:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:182:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:231:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = ::strlen(s); prep_data(len); data/libgff-2.0.0/src/GStr.cpp:240:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:250:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:398:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
GMALLOC(buf, strlen(fmt)+1024); data/libgff-2.0.0/src/GStr.cpp:415:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GMALLOC(buf, strlen(fmt)+1024); data/libgff-2.0.0/src/GStr.cpp:516:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cend=strlen(cstr)-1; data/libgff-2.0.0/src/GStr.cpp:615:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int s1_length = ::strlen(s1); data/libgff-2.0.0/src/GStr.cpp:648:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int s_length = ::strlen(s); data/libgff-2.0.0/src/GStr.cpp:664:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int s_length = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:675:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int s_length = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:686:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int s_length = ::strlen(buf); data/libgff-2.0.0/src/GStr.cpp:754:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (length() == 0 || rfrom==NULL || strlen(rfrom)==0) data/libgff-2.0.0/src/GStr.cpp:756:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int l=strlen(rfrom); data/libgff-2.0.0/src/GStr.cpp:758:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rto!=NULL && strlen(rto)!=l) data/libgff-2.0.0/src/GStr.cpp:775:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dest+=strlen(s); data/libgff-2.0.0/src/GStr.cpp:779:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data->length=strlen(data->chars); data/libgff-2.0.0/src/GStr.cpp:796:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length() == 0 || rfrom==NULL || strlen(rfrom)==0) data/libgff-2.0.0/src/GStr.cpp:798:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int l=strlen(rfrom); data/libgff-2.0.0/src/GStr.cpp:799:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int tl= (rto==NULL)?0:strlen(rto); data/libgff-2.0.0/src/GStr.cpp:922:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const int s_length = ::strlen(s); data/libgff-2.0.0/src/GStr.cpp:974:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int s_length = ::strlen(s); data/libgff-2.0.0/src/GStr.cpp:1010:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint len=::strlen(s); data/libgff-2.0.0/src/GStr.cpp:1051:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). ::strncpy(my_data->chars, s, len); data/libgff-2.0.0/src/GStr.cpp:1121:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s)>(size_t)length()) return -1; data/libgff-2.0.0/src/GStr.cpp:1168:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen=strlen(str); data/libgff-2.0.0/src/GStr.cpp:1190:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result=substr(i+strlen(delim)); data/libgff-2.0.0/src/GStr.cpp:1218:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result=substr(i+strlen(delim)); data/libgff-2.0.0/src/GStr.cpp:1240:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
GMALLOC(fTokenDelimiter,strlen(delimiter)+1); data/libgff-2.0.0/src/GStr.cpp:1256:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int dlen=strlen(fTokenDelimiter); data/libgff-2.0.0/src/GStr.cpp:1313:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t GStr::read(FILE* stream, const char* delimiter, size_t bufsize) { data/libgff-2.0.0/src/GStr.cpp:1335:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen=strlen(delimiter); data/libgff-2.0.0/src/GStr.cpp:1422:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, &my_data->chars[i-j], j); data/libgff-2.0.0/src/GStr.cpp:1446:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, &my_data->chars[i+1], j); data/libgff-2.0.0/src/codons.cpp:80:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (dnalen==0) dnalen=strlen(dnastr); data/libgff-2.0.0/src/gdna.cpp:52:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (slen==0) slen=strlen(seq); data/libgff-2.0.0/src/gdna.cpp:68:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int l=strlen(IUPAC_DEFS); data/libgff-2.0.0/src/gff.cpp:105:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int attrlen=strlen(attr); data/libgff-2.0.0/src/gff.cpp:179:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen=strlen(l); data/libgff-2.0.0/src/gff.cpp:372:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen=strlen(l); data/libgff-2.0.0/src/gff.cpp:440:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fnamelc, ftype, 127); data/libgff-2.0.0/src/gff.cpp:780:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _parents_len=strlen(Parent)+1; data/libgff-2.0.0/src/gff.cpp:1345:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int idlen=strlen(id); data/libgff-2.0.0/src/gff.cpp:1346:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GMALLOC(buf, idlen+strlen(ctg)+2); data/libgff-2.0.0/src/gff.cpp:1908:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
GMALLOC(new_attr_name, strlen(prefix)+strlen(attr_name)+1); data/libgff-2.0.0/src/gff.cpp:1908:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GMALLOC(new_attr_name, strlen(prefix)+strlen(attr_name)+1); data/libgff-2.0.0/src/gff.cpp:2385:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* endinfo=info+strlen(info); ANALYSIS SUMMARY: Hits = 242 Lines analyzed = 9966 in approximately 0.33 seconds (30394 lines/second) Physical Source Lines of Code (SLOC) = 8090 Hits@level = [0] 73 [1] 93 [2] 120 [3] 0 [4] 29 [5] 0 Hits@level+ = [0+] 315 [1+] 242 [2+] 149 [3+] 29 [4+] 29 [5+] 0 Hits/KSLOC@level+ = [0+] 38.937 [1+] 29.9135 [2+] 18.4178 [3+] 3.58467 [4+] 3.58467 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.