Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgff-2.0.0/include/GArgs.h
Examining data/libgff-2.0.0/include/GBase.h
Examining data/libgff-2.0.0/include/GFaSeqGet.h
Examining data/libgff-2.0.0/include/GFastaIndex.h
Examining data/libgff-2.0.0/include/GStr.h
Examining data/libgff-2.0.0/include/codons.h
Examining data/libgff-2.0.0/include/gdna.h
Examining data/libgff-2.0.0/include/gff.h
Examining data/libgff-2.0.0/src/GArgs.cpp
Examining data/libgff-2.0.0/src/GBase.cpp
Examining data/libgff-2.0.0/src/GFaSeqGet.cpp
Examining data/libgff-2.0.0/src/GFastaIndex.cpp
Examining data/libgff-2.0.0/src/GStr.cpp
Examining data/libgff-2.0.0/src/TestGFFParse.cpp
Examining data/libgff-2.0.0/src/codons.cpp
Examining data/libgff-2.0.0/src/gdna.cpp
Examining data/libgff-2.0.0/src/gff.cpp

FINAL RESULTS:

data/libgff-2.0.0/include/GBase.h:36:11:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  #ifndef popen
data/libgff-2.0.0/include/GBase.h:37:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
   #define popen _popen
data/libgff-2.0.0/include/GBase.h:114:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
fprintf(stderr, "Error: "); fprintf(stderr, a); \
data/libgff-2.0.0/include/GFaSeqGet.h:243:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s+slen, gseqname);
data/libgff-2.0.0/src/GBase.cpp:21:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(msg,"%s(%d): ASSERT(%s) failed.\n",filename,lineno,expression);
data/libgff-2.0.0/src/GBase.cpp:37:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, arguments); // if a console is available
data/libgff-2.0.0/src/GBase.cpp:45:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,format,arguments);
data/libgff-2.0.0/src/GBase.cpp:61:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format , arguments); // if a console is available
data/libgff-2.0.0/src/GBase.cpp:69:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,format,arguments);
data/libgff-2.0.0/src/GBase.cpp:125:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(copy,str);
data/libgff-2.0.0/src/GBase.cpp:197:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(gpath,path);
data/libgff-2.0.0/src/GBase.cpp:354:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 strcpy(str,newvalue);
data/libgff-2.0.0/src/GStr.cpp:40:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(data->chars, str);
data/libgff-2.0.0/src/GStr.cpp:402:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  int len=vsprintf(buf,fmt,arguments);
data/libgff-2.0.0/src/GStr.cpp:419:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf,fmt,arguments);
data/libgff-2.0.0/src/GStr.cpp:774:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dest, s);
data/libgff-2.0.0/src/GStr.cpp:821:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(dest, s);
data/libgff-2.0.0/src/GStr.cpp:832:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(dest, s);
data/libgff-2.0.0/src/GStr.cpp:870:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ::strcpy(&data->chars[idx], &my_data->chars[idx+len]);
data/libgff-2.0.0/src/GStr.cpp:899:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[idx+s.length()], &my_data->chars[idx+len]);
data/libgff-2.0.0/src/GStr.cpp:932:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[idx+s_length], &my_data->chars[idx+len]);
data/libgff-2.0.0/src/GStr.cpp:956:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[idx+s.length()], &my_data->chars[idx]);
data/libgff-2.0.0/src/GStr.cpp:981:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        ::strcpy(&data->chars[idx+s_length], &my_data->chars[idx]);
data/libgff-2.0.0/src/GStr.cpp:1241:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fTokenDelimiter, delimiter);
data/libgff-2.0.0/src/gff.cpp:1347:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 strcpy(buf, id);
data/libgff-2.0.0/src/gff.cpp:1349:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 strcpy(buf+idlen+1, ctg);
data/libgff-2.0.0/src/gff.cpp:1910:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat(new_attr_name, prefix);
data/libgff-2.0.0/src/gff.cpp:1911:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
						strcat(new_attr_name, attr_name);
data/libgff-2.0.0/src/gff.cpp:2329:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(fout,format,arguments);
data/libgff-2.0.0/include/GBase.h:438:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fArray, a.fArray, sizeof(OBJ)* a.fCapacity);
data/libgff-2.0.0/include/GBase.h:453:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fArray, a.fArray, sizeof(OBJ)*a.fCount);
data/libgff-2.0.0/include/GBase.h:509:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    	memcpy(fArray+fCount, arr, count*sizeof(OBJ));
data/libgff-2.0.0/include/GBase.h:516:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    	memcpy(fArray+fCount, arr.fArray, arr.fCount*sizeof(OBJ));
data/libgff-2.0.0/include/GBase.h:626:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE* f=fopen(fname, "rb");
data/libgff-2.0.0/include/GFaSeqGet.h:175:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            	 strcpy(fainame+fainamelen, ".fai");
data/libgff-2.0.0/include/GFaSeqGet.h:200:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                     FILE* fcreate=fopen(fainame, "w");
data/libgff-2.0.0/include/GFaSeqGet.h:208:39:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                        	if ((fcreate=fopen(fainamecwd, "w"))==NULL)
data/libgff-2.0.0/include/GFaSeqGet.h:247:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(s+slen, ".fa");
data/libgff-2.0.0/include/GFaSeqGet.h:250:24:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	if (!fileExists(s)) { strcpy(s+slen, "sta"); slen+=3; }
data/libgff-2.0.0/include/GStr.h:184:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char chars[1];
data/libgff-2.0.0/include/codons.h:10:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char nuc[3];
data/libgff-2.0.0/include/gff.h:100:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		else sprintf(outs, "%.*f", precision, score);
data/libgff-2.0.0/include/gff.h:281:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    	memcpy(line, l.line, llen+1);
data/libgff-2.0.0/include/gff.h:283:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    	memcpy(dupline, l.dupline, llen+1);
data/libgff-2.0.0/include/gff.h:294:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    		memcpy(_parents, l._parents, _parents_len);
data/libgff-2.0.0/include/gff.h:1280:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fh=fopen(fname, "rb");
data/libgff-2.0.0/src/GBase.cpp:20:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[4096];
data/libgff-2.0.0/src/GBase.cpp:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[4096];
data/libgff-2.0.0/src/GBase.cpp:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[4096];
data/libgff-2.0.0/src/GBase.cpp:233:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (mode==NULL) f=fopen(path, "rb");
data/libgff-2.0.0/src/GBase.cpp:234:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    	   else f=fopen(path, mode);
data/libgff-2.0.0/src/GBase.cpp:345:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 memcpy(subs, str, newlen-1);
data/libgff-2.0.0/src/GBase.cpp:924:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char retbuf[48];
data/libgff-2.0.0/src/GFaSeqGet.cpp:23:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)&newsq[qto], (void*)&sq[qfrom], sovl);
data/libgff-2.0.0/src/GFaSeqGet.cpp:31:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 fh=fopen(fn,"rb");
data/libgff-2.0.0/src/GFaSeqGet.cpp:45:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fh=fopen(faname,"rb");
data/libgff-2.0.0/src/GFaSeqGet.cpp:261:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)r,(void*)gs, clen);
data/libgff-2.0.0/src/GFaSeqGet.cpp:315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void*)seqp, (void*)smem, reqrlen);
data/libgff-2.0.0/src/GFaSeqGet.cpp:333:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void*)(&seqp[sublen]), (void*)(&smem[mp]), line_len);
data/libgff-2.0.0/src/GFaSeqGet.cpp:348:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
       memcpy((void*)(&seqp[sublen]), (void*)(&smem[mp]), letters_toread);
data/libgff-2.0.0/src/GFastaIndex.cpp:35:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fi=fopen(fai_name,"rb");
data/libgff-2.0.0/src/GFastaIndex.cpp:71:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fa=fopen(fa_name,"rb");
data/libgff-2.0.0/src/GFastaIndex.cpp:149:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fai=fopen(finame, "w");
data/libgff-2.0.0/src/GStr.cpp:92:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(data->chars, my_data->chars, my_data->length);
data/libgff-2.0.0/src/GStr.cpp:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:168:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%d",i);
data/libgff-2.0.0/src/GStr.cpp:171:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(chrs(), buf, len);
data/libgff-2.0.0/src/GStr.cpp:180:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:181:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%f",f);
data/libgff-2.0.0/src/GStr.cpp:184:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(chrs(), buf, len);
data/libgff-2.0.0/src/GStr.cpp:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  ::memcpy(my_data->chars, s, len);
data/libgff-2.0.0/src/GStr.cpp:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:239:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%f",f);
data/libgff-2.0.0/src/GStr.cpp:242:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(my_data->chars, buf, len);
data/libgff-2.0.0/src/GStr.cpp:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:249:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%d",i);
data/libgff-2.0.0/src/GStr.cpp:252:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(my_data->chars, buf, len);
data/libgff-2.0.0/src/GStr.cpp:319:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:320:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%d",i);
data/libgff-2.0.0/src/GStr.cpp:325:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:326:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%u",i);
data/libgff-2.0.0/src/GStr.cpp:331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:332:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%ld",l);
data/libgff-2.0.0/src/GStr.cpp:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[20];
data/libgff-2.0.0/src/GStr.cpp:338:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%lu", l);
data/libgff-2.0.0/src/GStr.cpp:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[30];
data/libgff-2.0.0/src/GStr.cpp:344:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(buf,"%f",f);
data/libgff-2.0.0/src/GStr.cpp:406:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  ::memcpy(chrs(), buf, len);
data/libgff-2.0.0/src/GStr.cpp:441:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &my_data->chars[istart], newlen);
data/libgff-2.0.0/src/GStr.cpp:460:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, & (my_data->chars[istart]), newlen);
data/libgff-2.0.0/src/GStr.cpp:550:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &my_data->chars[istart], newlen);
data/libgff-2.0.0/src/GStr.cpp:568:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, &my_data->chars[istart], newlen);
data/libgff-2.0.0/src/GStr.cpp:584:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(&data->chars[len-length()], my_data->chars, my_data->length);
data/libgff-2.0.0/src/GStr.cpp:593:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(data->chars, my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:606:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 ::memcpy(&data->chars[istart], my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:622:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(newstring.chrs(), s1, s1_length);
data/libgff-2.0.0/src/GStr.cpp:623:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&(newstring.chrs())[s1_length], s2.chars(), s2.length());
data/libgff-2.0.0/src/GStr.cpp:638:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(newstring.chrs(), my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:639:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&(newstring.chrs())[length()], s.chars(), s.length());
data/libgff-2.0.0/src/GStr.cpp:655:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(newstring.chrs(), my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:656:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&(newstring.chrs())[length()], s, s_length);
data/libgff-2.0.0/src/GStr.cpp:662:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/libgff-2.0.0/src/GStr.cpp:663:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", i);
data/libgff-2.0.0/src/GStr.cpp:667:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:668:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(&(newstring.chrs())[length()], buf, s_length);
data/libgff-2.0.0/src/GStr.cpp:673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/libgff-2.0.0/src/GStr.cpp:674:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%c", c);
data/libgff-2.0.0/src/GStr.cpp:678:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:679:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(&(newstring.chrs())[length()], buf, s_length);
data/libgff-2.0.0/src/GStr.cpp:684:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[30];
data/libgff-2.0.0/src/GStr.cpp:685:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%f", f);
data/libgff-2.0.0/src/GStr.cpp:689:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(newstring.chrs(), my_data->chars, length());
data/libgff-2.0.0/src/GStr.cpp:690:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(&(newstring.chrs())[length()], buf, s_length);
data/libgff-2.0.0/src/GStr.cpp:730:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      ::memcpy(newstring.chrs(), &my_data->chars[idx], len);
data/libgff-2.0.0/src/GStr.cpp:769:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest,s,p-s);
data/libgff-2.0.0/src/GStr.cpp:816:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dest,s,p-s);
data/libgff-2.0.0/src/GStr.cpp:825:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(dest,s,p-s); //copy up rto the match
data/libgff-2.0.0/src/GStr.cpp:827:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(dest,rto,tl); //put the replacement string
data/libgff-2.0.0/src/GStr.cpp:840:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p,rto,l);
data/libgff-2.0.0/src/GStr.cpp:869:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(data->chars, my_data->chars, idx);
data/libgff-2.0.0/src/GStr.cpp:892:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&chrs()[idx], s.chars(), len);
data/libgff-2.0.0/src/GStr.cpp:896:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, my_data->chars, idx);
data/libgff-2.0.0/src/GStr.cpp:898:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(&data->chars[idx], s.chars(), s.length());
data/libgff-2.0.0/src/GStr.cpp:925:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&chrs()[idx], s, len);
data/libgff-2.0.0/src/GStr.cpp:929:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, my_data->chars, idx);
data/libgff-2.0.0/src/GStr.cpp:931:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(&data->chars[idx], s, s_length);
data/libgff-2.0.0/src/GStr.cpp:954:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, my_data->chars, idx);
data/libgff-2.0.0/src/GStr.cpp:955:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&data->chars[idx], s.chars(), s.length());
data/libgff-2.0.0/src/GStr.cpp:979:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            ::memcpy(data->chars, my_data->chars, idx);
data/libgff-2.0.0/src/GStr.cpp:980:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(&data->chars[idx], s, s_length);
data/libgff-2.0.0/src/GStr.cpp:1015:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(my_data->chars, s, len);
data/libgff-2.0.0/src/GStr.cpp:1023:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  ::memcpy(my_data->chars+my_data->length, s, len);
data/libgff-2.0.0/src/GStr.cpp:1078:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    ::memcpy(my_data->chars, m, len);
data/libgff-2.0.0/src/GStr.cpp:1087:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  ::memcpy(my_data->chars + my_data->length, m, len);
data/libgff-2.0.0/src/GStr.cpp:1271:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     ::memcpy(token.chrs(), &my_data->chars[fLastTokenStart], tlen);
data/libgff-2.0.0/src/GStr.cpp:1306:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   ::memcpy(token.chrs(), &my_data->chars[fLastTokenStart], tlen);
data/libgff-2.0.0/src/GStr.cpp:1358:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        ::memcpy(data->chars, readbuf, numread);
data/libgff-2.0.0/src/GStr.cpp:1363:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&data->chars[acc_len], readbuf, numread);
data/libgff-2.0.0/src/GStr.cpp:1407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[24];
data/libgff-2.0.0/src/GStr.cpp:1431:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char buf[24];
data/libgff-2.0.0/src/codons.cpp:3:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char codonTable[32768]; //32K table for fasta codon decoding
data/libgff-2.0.0/src/gdna.cpp:16:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char v_2bit2nt[4] = {'A','C','G','T'};
data/libgff-2.0.0/src/gff.cpp:181:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(line, l, llen+1);
data/libgff-2.0.0/src/gff.cpp:183:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dupline, l, llen+1);
data/libgff-2.0.0/src/gff.cpp:374:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 memcpy(line, l, llen+1);
data/libgff-2.0.0/src/gff.cpp:376:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
 memcpy(dupline, l, llen+1);
data/libgff-2.0.0/src/gff.cpp:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char fnamelc[128];
data/libgff-2.0.0/src/gff.cpp:732:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				 strcpy(track,"jigsaw");
data/libgff-2.0.0/src/gff.cpp:2904:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char dbuf[DBUF_LEN];
data/libgff-2.0.0/include/GFaSeqGet.h:167:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int fainamelen=strlen(fainame);
data/libgff-2.0.0/include/GFaSeqGet.h:234:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int gnl=strlen(gseqname);
data/libgff-2.0.0/include/GFaSeqGet.h:236:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int slen=strlen(s);
data/libgff-2.0.0/include/GStr.h:164:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        size_t read(FILE* stream, const char* delimiter="\n", size_t bufsize=4096);
data/libgff-2.0.0/include/gff.h:99:20:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
		if (precision<0) sprintf(outs, ".");
data/libgff-2.0.0/src/GArgs.cpp:22:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fmtlen=strlen(format);
data/libgff-2.0.0/src/GArgs.cpp:68:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int alen=strlen(p);
data/libgff-2.0.0/src/GBase.cpp:124:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(copy, strlen(str)+1+xtracap);
data/libgff-2.0.0/src/GBase.cpp:141:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(copy, sfrom, sto-sfrom+1);
data/libgff-2.0.0/src/GBase.cpp:169:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int blen=strlen(templ);
data/libgff-2.0.0/src/GBase.cpp:181:24:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	mode_t process_mask = umask(0); //is this really needed?
data/libgff-2.0.0/src/GBase.cpp:186:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	   umask(process_mask);
data/libgff-2.0.0/src/GBase.cpp:189:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int plen=strlen(path);
data/libgff-2.0.0/src/GBase.cpp:198:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(gpath, "/");
data/libgff-2.0.0/src/GBase.cpp:221:4:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
			umask(process_mask);
data/libgff-2.0.0/src/GBase.cpp:227:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(process_mask);
data/libgff-2.0.0/src/GBase.cpp:353:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 GMALLOC(str, strlen(newvalue)+1);
data/libgff-2.0.0/src/GBase.cpp:379:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 p=str+strlen(str)-1;
data/libgff-2.0.0/src/GBase.cpp:399:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((c=getc(stream))!=EOF) {
data/libgff-2.0.0/src/GBase.cpp:402:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         if ((c=getc(stream))!='\n') ungetc(c,stream);
data/libgff-2.0.0/src/GBase.cpp:428:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   while ((c=getc(stream))!=EOF) {
data/libgff-2.0.0/src/GBase.cpp:433:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         if ((c=getc(stream))!='\n') ungetc(c,stream);
data/libgff-2.0.0/src/GBase.cpp:459:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int l=strlen(s);
data/libgff-2.0.0/src/GBase.cpp:467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int len=strlen(str);
data/libgff-2.0.0/src/GBase.cpp:477:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int len=strlen(str);
data/libgff-2.0.0/src/GBase.cpp:515:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 l=strlen(substr);
data/libgff-2.0.0/src/GBase.cpp:516:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 char* p=(char*)str+strlen(str)-l;
data/libgff-2.0.0/src/GBase.cpp:532:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(substr);
data/libgff-2.0.0/src/GBase.cpp:533:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* smax=(char*)str+strlen(str)-l;
data/libgff-2.0.0/src/GBase.cpp:564:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int j=strlen(suffix)-1;
data/libgff-2.0.0/src/GBase.cpp:565:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int i=strlen(s)-1;
data/libgff-2.0.0/src/GBase.cpp:574:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int j=strlen(suffix)-1;
data/libgff-2.0.0/src/GBase.cpp:575:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int i=strlen(s)-1;
data/libgff-2.0.0/src/GBase.cpp:584:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int j=strlen(suffix)-1;
data/libgff-2.0.0/src/GBase.cpp:585:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i=strlen(s)-1;
data/libgff-2.0.0/src/GBase.cpp:598:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int j=strlen(suffix)-1;
data/libgff-2.0.0/src/GBase.cpp:599:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i=strlen(s)-1;
data/libgff-2.0.0/src/GBase.cpp:611:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (slen==0) slen=strlen(str);
data/libgff-2.0.0/src/GBase.cpp:628:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 l=strlen(substr);
data/libgff-2.0.0/src/GFaSeqGet.cpp:77:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 int c=getc(fh);
data/libgff-2.0.0/src/GFaSeqGet.cpp:83:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 while ((c=getc(fh))!=EOF) {
data/libgff-2.0.0/src/GFaSeqGet.cpp:97:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 while ((c=getc(fh))!=EOF) {
data/libgff-2.0.0/src/GFaSeqGet.cpp:111:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 while ((c=getc(fh))!=EOF) {
data/libgff-2.0.0/src/GFaSeqGet.cpp:125:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   while ((c=getc(fh))!=EOF) {
data/libgff-2.0.0/src/GStr.cpp:36:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int len=strlen(str);
data/libgff-2.0.0/src/GStr.cpp:169:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int len = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:182:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int len = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:231:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int len = ::strlen(s); prep_data(len);
data/libgff-2.0.0/src/GStr.cpp:240:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int len = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:250:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 const int len = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:398:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(buf, strlen(fmt)+1024);
data/libgff-2.0.0/src/GStr.cpp:415:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(buf, strlen(fmt)+1024);
data/libgff-2.0.0/src/GStr.cpp:516:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int cend=strlen(cstr)-1;
data/libgff-2.0.0/src/GStr.cpp:615:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s1_length = ::strlen(s1);
data/libgff-2.0.0/src/GStr.cpp:648:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(s);
data/libgff-2.0.0/src/GStr.cpp:664:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:675:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:686:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(buf);
data/libgff-2.0.0/src/GStr.cpp:754:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (length() == 0 || rfrom==NULL || strlen(rfrom)==0)
data/libgff-2.0.0/src/GStr.cpp:756:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 unsigned int l=strlen(rfrom);
data/libgff-2.0.0/src/GStr.cpp:758:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (rto!=NULL && strlen(rto)!=l)
data/libgff-2.0.0/src/GStr.cpp:775:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dest+=strlen(s);
data/libgff-2.0.0/src/GStr.cpp:779:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   data->length=strlen(data->chars);
data/libgff-2.0.0/src/GStr.cpp:796:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (length() == 0 || rfrom==NULL || strlen(rfrom)==0)
data/libgff-2.0.0/src/GStr.cpp:798:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 unsigned int l=strlen(rfrom);
data/libgff-2.0.0/src/GStr.cpp:799:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 unsigned int tl= (rto==NULL)?0:strlen(rto);
data/libgff-2.0.0/src/GStr.cpp:922:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(s);
data/libgff-2.0.0/src/GStr.cpp:974:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int s_length = ::strlen(s);
data/libgff-2.0.0/src/GStr.cpp:1010:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint len=::strlen(s);
data/libgff-2.0.0/src/GStr.cpp:1051:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    ::strncpy(my_data->chars, s, len);
data/libgff-2.0.0/src/GStr.cpp:1121:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s)>(size_t)length()) return -1;
data/libgff-2.0.0/src/GStr.cpp:1168:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int slen=strlen(str);
data/libgff-2.0.0/src/GStr.cpp:1190:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      result=substr(i+strlen(delim));
data/libgff-2.0.0/src/GStr.cpp:1218:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      result=substr(i+strlen(delim));
data/libgff-2.0.0/src/GStr.cpp:1240:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    GMALLOC(fTokenDelimiter,strlen(delimiter)+1);
data/libgff-2.0.0/src/GStr.cpp:1256:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int dlen=strlen(fTokenDelimiter);
data/libgff-2.0.0/src/GStr.cpp:1313:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
size_t GStr::read(FILE* stream, const char* delimiter, size_t bufsize) {
data/libgff-2.0.0/src/GStr.cpp:1335:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 dlen=strlen(delimiter);
data/libgff-2.0.0/src/GStr.cpp:1422:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(buf, &my_data->chars[i-j], j);
data/libgff-2.0.0/src/GStr.cpp:1446:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(buf, &my_data->chars[i+1], j);
data/libgff-2.0.0/src/codons.cpp:80:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 if (dnalen==0) dnalen=strlen(dnastr);
data/libgff-2.0.0/src/gdna.cpp:52:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (slen==0) slen=strlen(seq);
data/libgff-2.0.0/src/gdna.cpp:68:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       int l=strlen(IUPAC_DEFS);
data/libgff-2.0.0/src/gff.cpp:105:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int attrlen=strlen(attr);
data/libgff-2.0.0/src/gff.cpp:179:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  llen=strlen(l);
data/libgff-2.0.0/src/gff.cpp:372:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 llen=strlen(l);
data/libgff-2.0.0/src/gff.cpp:440:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
 strncpy(fnamelc, ftype, 127);
data/libgff-2.0.0/src/gff.cpp:780:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		 _parents_len=strlen(Parent)+1;
data/libgff-2.0.0/src/gff.cpp:1345:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int idlen=strlen(id);
data/libgff-2.0.0/src/gff.cpp:1346:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 GMALLOC(buf, idlen+strlen(ctg)+2);
data/libgff-2.0.0/src/gff.cpp:1908:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						GMALLOC(new_attr_name, strlen(prefix)+strlen(attr_name)+1);
data/libgff-2.0.0/src/gff.cpp:1908:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						GMALLOC(new_attr_name, strlen(prefix)+strlen(attr_name)+1);
data/libgff-2.0.0/src/gff.cpp:2385:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* endinfo=info+strlen(info);

ANALYSIS SUMMARY:

Hits = 242
Lines analyzed = 9966 in approximately 0.33 seconds (30394 lines/second)
Physical Source Lines of Code (SLOC) = 8090
Hits@level = [0]  73 [1]  93 [2] 120 [3]   0 [4]  29 [5]   0
Hits@level+ = [0+] 315 [1+] 242 [2+] 149 [3+]  29 [4+]  29 [5+]   0
Hits/KSLOC@level+ = [0+] 38.937 [1+] 29.9135 [2+] 18.4178 [3+] 3.58467 [4+] 3.58467 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.