Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.h
Examining data/libncl-2.1.21+git20190531.feceb81/example/check-taxo-nodes/checktaxonnodes.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/compressor/compressor.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/find-unsupported-edges/findunsupportededges.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/nclsimplest/nclsimplest.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.h
Examining data/libncl-2.1.21+git20190531.feceb81/example/normalizer/converter.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.h
Examining data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/ot-subtree/otsubtree.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/outdeg1count/outdeg1count.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.h
Examining data/libncl-2.1.21+git20190531.feceb81/example/polytomy-count/polytomy_count.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsstructs.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsstructs.h
Examining data/libncl-2.1.21+git20190531.feceb81/example/subsetter/subsetter.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/example/translate/translateNuc.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/html/v2.1/funcdocs/simpleNCLClient/simpleNCLClient.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/ncl.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsallocatematrix.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsassumptionsblock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsassumptionsblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsblock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxscdiscretematrix.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxscharactersblock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxscharactersblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxscxxdiscretematrix.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxscxxdiscretematrix.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdatablock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdatablock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdefs.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdiscretedatum.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdistancedatum.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdistancesblock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsdistancesblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsexception.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsexception.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsmultiformat.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsmultiformat.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxspublicblocks.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxspublicblocks.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsreader.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsreader.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxssetreader.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxssetreader.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstaxaassociationblock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstaxaassociationblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstaxablock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstaxablock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstoken.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstoken.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstreesblock.cpp
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxstreesblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsunalignedblock.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsutilcopy.h
Examining data/libncl-2.1.21+git20190531.feceb81/ncl/nxsunalignedblock.cpp
FINAL RESULTS:
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:692:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(next_command, tmp.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1874:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(next_command, tmp.c_str());
data/libncl-2.1.21+git20190531.feceb81/ncl/nxscharactersblock.cpp:5236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, sfo.c_str());
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:255:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# if !defined(vsnprintf)
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:256:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf_s
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:258:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
# define sprintf sprintf_s
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:260:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:293:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int nAdded = vsnprintf(buf, kInitialBufferSize, formatStr, argList);
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:199:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fn, "r");
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:557:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logf.open(logfname.c_str(), ios::out | ios::app);
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:567:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logf.open(logfname.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:584:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logf.open(logfname.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:884:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(next_command, "exe \'");
data/libncl-2.1.21+git20190531.feceb81/example/check-taxo-nodes/checktaxonnodes.cpp:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/nclsimplest/nclsimplest.cpp:14:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf.open(infname, ios::binary);
data/libncl-2.1.21+git20190531.feceb81/example/nclsimplest/nclsimplest.cpp:15:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf.open(outfname);
data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.cpp:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/converter.cpp:160:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outStream.open(filepath.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/converter.cpp:593:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf.open(fn.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/converter.cpp:861:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nexOut.open(fullName.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp:770:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gCommonFileStream.open(dname.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:81:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", n);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:350:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(*ovec);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:353:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open()
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:356:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(atts);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:359:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const std::vector<AttributeData> &atts)
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:433:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
XMLElement::open(v);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:466:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
XMLElement::open(v);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:831:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
format.open();
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:838:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mat.open();
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:895:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
format.open();
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/us2ml.cpp:903:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mat.open();
data/libncl-2.1.21+git20190531.feceb81/example/ot-subtree/otsubtree.cpp:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp:193:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
namesFile.open(fn.c_str(), std::ofstream::out|std::ios::binary);
data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/outdeg1count/outdeg1count.cpp:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:382:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:383:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.10f", state);
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:805:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fn, "r");
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1159:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1160:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.10f", state);
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1736:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logf.open(logfname.c_str(), ios::out | ios::app);
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1746:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logf.open(logfname.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1763:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logf.open(logfname.c_str());
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:2052:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(next_command, "exe ");
data/libncl-2.1.21+git20190531.feceb81/example/polytomy-count/polytomy_count.cpp:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/example/translate/translateNuc.cpp:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsmultiformat.cpp:1319:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf.open(filepath, std::ios::binary);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxspublicblocks.cpp:689:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf.open(fn.c_str());
data/libncl-2.1.21+git20190531.feceb81/ncl/nxspublicblocks.cpp:717:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tnf.open(fn);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsreader.cpp:105:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf.open(filename, ios::binary);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:216:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(tmp, "%#3.6f", d);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:279:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[kInitialBufferSize];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtstr[81];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:491:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmtstr, "%%.%df", p);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:468:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(tmp, "%d", i);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:503:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(tmp, "%u", i);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:515:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(tmp, "%ld", l);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.h:527:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(tmp, "%lu", l);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxstoken.h:479:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whitespace[4]; /* stores the 3 whitespace characters: blank space, tab and newline */
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsutilcopy.h:219:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (OutIt) std::memcpy(resultP, first, ((std::size_t) (last - first)) * sizeof(*first));
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:664:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = (unsigned)strlen(next_command);
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:687:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (unsigned)strlen(next_command);
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:885:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(next_command, infile_name, 252);
data/libncl-2.1.21+git20190531.feceb81/example/basiccmdline/basiccmdline.cpp:886:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(next_command, "\'", 252);
data/libncl-2.1.21+git20190531.feceb81/example/check-taxo-nodes/checktaxonnodes.cpp:437:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/check-taxo-nodes/checktaxonnodes.cpp:489:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/check-taxo-nodes/checktaxonnodes.cpp:490:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/check-taxo-nodes/checktaxonnodes.cpp:492:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/compressor/compressor.cpp:20:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[argi]) > 1 && argv[argi][0] == '-')
data/libncl-2.1.21+git20190531.feceb81/example/find-unsupported-edges/findunsupportededges.cpp:879:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/find-unsupported-edges/findunsupportededges.cpp:880:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/find-unsupported-edges/findunsupportededges.cpp:882:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:219:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:270:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:271:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:312:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 'l')
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:317:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'c')
data/libncl-2.1.21+git20190531.feceb81/example/gapcode/gapcode.cpp:321:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'd')
data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.cpp:265:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.cpp:335:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.cpp:337:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 's')
data/libncl-2.1.21+git20190531.feceb81/example/ncltest/ncltest.cpp:346:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 'l')
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp:504:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp:646:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp:885:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/normalizer/normalizer.cpp:888:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 'l')
data/libncl-2.1.21+git20190531.feceb81/example/ot-subtree/otsubtree.cpp:265:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/ot-subtree/otsubtree.cpp:295:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/ot-subtree/otsubtree.cpp:296:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/ot-subtree/otsubtree.cpp:298:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp:367:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp:424:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp:425:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/ot-tree-inspect/ot_tree_inspect.cpp:430:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/outdeg1count/outdeg1count.cpp:265:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/outdeg1count/outdeg1count.cpp:317:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/outdeg1count/outdeg1count.cpp:318:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/outdeg1count/outdeg1count.cpp:320:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:256:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:283:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:285:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 't') {
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:293:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'm')
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:295:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'n')
data/libncl-2.1.21+git20190531.feceb81/example/patristic/patristic.cpp:297:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 'l')
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1844:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = (unsigned)strlen(next_command);
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:1869:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (unsigned)strlen(next_command);
data/libncl-2.1.21+git20190531.feceb81/example/phylobaseinterface/NCLInterface.cpp:2053:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(next_command, infile_name, 252);
data/libncl-2.1.21+git20190531.feceb81/example/polytomy-count/polytomy_count.cpp:193:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/polytomy-count/polytomy_count.cpp:245:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/polytomy-count/polytomy_count.cpp:246:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/polytomy-count/polytomy_count.cpp:248:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:259:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:319:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:320:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:322:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'r')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:324:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'v')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:326:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 't')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:328:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'p')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:330:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'o')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:332:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'e')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:336:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'd')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:340:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) == 2 && filepath[0] == '-' && filepath[1] == 'b')
data/libncl-2.1.21+git20190531.feceb81/example/splitsinfile/splitsinfile.cpp:415:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 'l')
data/libncl-2.1.21+git20190531.feceb81/example/translate/translateNuc.cpp:245:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0 && filename[0] != '#')
data/libncl-2.1.21+git20190531.feceb81/example/translate/translateNuc.cpp:305:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned slen = strlen(filepath);
data/libncl-2.1.21+git20190531.feceb81/example/translate/translateNuc.cpp:306:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filepath) > 1 && filepath[0] == '-' && filepath[1] == 'h')
data/libncl-2.1.21+git20190531.feceb81/example/translate/translateNuc.cpp:364:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(filepath) > 2 && filepath[0] == '-' && filepath[1] == 'l')
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsmultiformat.cpp:248:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inf.read(buffer, inbuffer);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsmultiformat.cpp:272:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inf.read(buffer + offset, inbuffer);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsmultiformat.cpp:713:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned lenFirstWord = (unsigned const)strlen(firstWord);
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsreader.cpp:234:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool emptyTitle = strlen(title) == 0;
data/libncl-2.1.21+git20190531.feceb81/ncl/nxsstring.cpp:217:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned tmplen = (unsigned)strlen(tmp);
ANALYSIS SUMMARY:
Hits = 145
Lines analyzed = 43872 in approximately 1.30 seconds (33760 lines/second)
Physical Source Lines of Code (SLOC) = 33500
Hits@level = [0] 0 [1] 72 [2] 65 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 145 [1+] 145 [2+] 73 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 4.32836 [1+] 4.32836 [2+] 2.1791 [3+] 0.238806 [4+] 0.238806 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.