Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvcflib-1.0.1+dfsg/multichoose/multichoose.h
Examining data/libvcflib-1.0.1+dfsg/multichoose/multipermute.cpp
Examining data/libvcflib-1.0.1+dfsg/multichoose/multichoose.c
Examining data/libvcflib-1.0.1+dfsg/multichoose/multipermute.h
Examining data/libvcflib-1.0.1+dfsg/multichoose/multichoose.cpp
Examining data/libvcflib-1.0.1+dfsg/test/tests/mainTest.cpp
Examining data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h
Examining data/libvcflib-1.0.1+dfsg/test/tests/variantTests.h
Examining data/libvcflib-1.0.1+dfsg/filevercmp/filevercmp.c
Examining data/libvcflib-1.0.1+dfsg/filevercmp/main.c
Examining data/libvcflib-1.0.1+dfsg/filevercmp/filevercmp.h
Examining data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp
Examining data/libvcflib-1.0.1+dfsg/intervaltree/IntervalTree.h
Examining data/libvcflib-1.0.1+dfsg/intervaltree/interval_tree_test.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp
Examining data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp
Examining data/libvcflib-1.0.1+dfsg/src/wcFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfafpath.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsamplenames.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfrandom.cpp
Examining data/libvcflib-1.0.1+dfsg/src/pdflib.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfremovesamples.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp
Examining data/libvcflib-1.0.1+dfsg/src/normalize-iHS.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp
Examining data/libvcflib-1.0.1+dfsg/src/veclib_types.h
Examining data/libvcflib-1.0.1+dfsg/src/split.cpp
Examining data/libvcflib-1.0.1+dfsg/src/bFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfnull2ref.cpp
Examining data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp
Examining data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcflength.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vec128int.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenotypecompare.cpp
Examining data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp
Examining data/libvcflib-1.0.1+dfsg/src/var.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenosummarize.cpp
Examining data/libvcflib-1.0.1+dfsg/src/cdflib.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfaltcount.cpp
Examining data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp
Examining data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgeno2alleles.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenotypes.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfld.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfhetcount.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp
Examining data/libvcflib-1.0.1+dfsg/src/pFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/Variant.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenosamplenames.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfkeepsamples.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp
Examining data/libvcflib-1.0.1+dfsg/src/rnglib.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfparsealts.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfnumalt.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp
Examining data/libvcflib-1.0.1+dfsg/src/smoother.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp
Examining data/libvcflib-1.0.1+dfsg/src/join.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfinfo2qual.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfindex.cpp
Examining data/libvcflib-1.0.1+dfsg/src/var.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfhethomratio.cpp
Examining data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp
Examining data/libvcflib-1.0.1+dfsg/src/cdflib.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfremoveaberrantgenotypes.cpp
Examining data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp
Examining data/libvcflib-1.0.1+dfsg/src/dumpContigsFromHeader.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsitesummarize.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfecho.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfuniqalleles.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp
Examining data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp
Examining data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfuniq.cpp
Examining data/libvcflib-1.0.1+dfsg/src/mt19937ar.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfclassify.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp
Examining data/libvcflib-1.0.1+dfsg/src/rnglib.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfdistance.cpp
Examining data/libvcflib-1.0.1+dfsg/src/iHS.cpp
Examining data/libvcflib-1.0.1+dfsg/src/BedReader.h
Examining data/libvcflib-1.0.1+dfsg/src/popStats.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfkeepgeno.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcountalleles.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcat.cpp
Examining data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp
Examining data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp
Examining data/libvcflib-1.0.1+dfsg/src/convert.h
Examining data/libvcflib-1.0.1+dfsg/src/pdflib.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfflatten.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcffixup.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcombine.cpp
Examining data/libvcflib-1.0.1+dfsg/src/pVst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfqual2info.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp
Examining data/libvcflib-1.0.1+dfsg/src/gpatInfo.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp
Examining data/libvcflib-1.0.1+dfsg/src/split.h
Examining data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp
Examining data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcleancomplex.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfkeepinfo.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfoverlay.cpp
Examining data/libvcflib-1.0.1+dfsg/src/Variant.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp
FINAL RESULTS:
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:7567:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/libvcflib-1.0.1+dfsg/intervaltree/interval_tree_test.cpp:135:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:190:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "r:d:t:f:y:hv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:259:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(0)); //initialize random number generator
data/libvcflib-1.0.1+dfsg/src/bFst.cpp:345:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/bFst.cpp:380:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "d:t:b:f:hv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:80:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:126:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "y:r:d:t:b:f:chvsa", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:419:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:468:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "p:m:r:d:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:313:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:359:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "y:r:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/iHS.cpp:433:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "a:x:g:y:r:d:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:410:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "a:x:g:y:r:d:t:b:f:p:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/normalize-iHS.cpp:99:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/normalize-iHS.cpp:125:8: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/pFst.cpp:130:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "r:d:t:b:f:y:chv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:268:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand ( unsigned ( std::time(0) ) );
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:321:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "n:r:d:t:b:f:y:x:hv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:71:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:97:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:181:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:72:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:98:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:182:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:137:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:194:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:287:1: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:139:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:197:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:302:1: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:169:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:216:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "y:r:t:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/popStats.cpp:77:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/popStats.cpp:115:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "y:r:d:t:b:f:chv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:94:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:120:8: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:94:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:120:8: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:166:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:230:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "a:w:y:r:t:b:f:edhv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/smoother.cpp:233:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "f:w:s:o:vht", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:81:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "p:f:r:vh", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:49:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hr:",
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:221:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hmf:p:P:n:",
data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp:113:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hn:g",
data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:217:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "a:x:g:y:r:d:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:69:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hmkgt:L:",
data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp:48:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hb:k:d:",
data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp:43:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "h",
data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:52:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hvxkf:",
data/libvcflib-1.0.1+dfsg/src/vcfcombine.cpp:47:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "vhr:",
data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp:112:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "h",
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:48:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hf:w:",
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:73:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hf:n:o:l:s:p:",
data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp:116:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hvAsof:g:kt:F:r:a:",
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:70:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hvow:r:",
data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp:41:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hxb:",
data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp:38:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hn",
data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp:73:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hamnxfv:i:",
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:100:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hvcSlmob:i:u:w:r:t:V:M:T:R:",
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:141:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:202:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "w:y:r:t:b:f:edhv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:506:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hw:r:",
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:37:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "sr:i:h",
data/libvcflib-1.0.1+dfsg/src/vcfoverlay.cpp:36:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hv",
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:55:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hf:l:",
data/libvcflib-1.0.1+dfsg/src/vcfrandom.cpp:34:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:51:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hqr:s:p:",
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:104:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
fstream random;
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:106:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random.open("/dev/urandom", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:108:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random.open("/dev/random", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:110:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random.get((char*) &seed, sizeof(int));
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:111:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random.close();
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:81:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hza:w:r:m:x:o:e:s:R:",
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:143:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hcw:r:t:",
data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp:69:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hamnxf:i:",
data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp:70:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hs",
data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp:51:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "h",
data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:262:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hpdi:x:y:a:s:f:c:T:F:",
data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp:116:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hlatr:m:x:o:e:",
data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp:49:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "haw:",
data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:76:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:122:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "y:r:d:t:b:f:chv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:198:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:247:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
iarg = getopt_long(argc, argv, "y:r:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:1563:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct TrueType { char sizer[1]; };
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:1564:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct FalseType { char sizer[2]; };
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:2736:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:5388:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:5465:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
section->open();
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:5498:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:6558:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:6595:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:7735:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:8494:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/libvcflib-1.0.1+dfsg/multichoose/multichoose.c:15:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(argv[1]);
data/libvcflib-1.0.1+dfsg/multichoose/multichoose.cpp:50:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int k = atoi(argv[1]);
data/libvcflib-1.0.1+dfsg/src/BedReader.h:45:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
startPos = atoi(region.substr(foundFirstColon + 1).c_str());
data/libvcflib-1.0.1+dfsg/src/BedReader.h:50:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
startPos = atoi(region.substr(foundFirstColon + 1, foundRangeSep - foundFirstColon).c_str());
data/libvcflib-1.0.1+dfsg/src/BedReader.h:53:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stopPos = atoi(region.substr(foundRangeSep + sep.size()).c_str()); // end-exclusive, bed-format
data/libvcflib-1.0.1+dfsg/src/BedReader.h:111:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(strip(fields[1]).c_str()),
data/libvcflib-1.0.1+dfsg/src/BedReader.h:112:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(strip(fields[2]).c_str()),
data/libvcflib-1.0.1+dfsg/src/BedReader.h:145:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(fname);
data/libvcflib-1.0.1+dfsg/src/BedReader.h:158:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const string& fname) {
data/libvcflib-1.0.1+dfsg/src/BedReader.h:159:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(fname.c_str());
data/libvcflib-1.0.1+dfsg/src/Variant.cpp:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rev_arr [26] = {84, 66, 71, 68, 69, 70, 67, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 65,
data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2533:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2543:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2560:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2570:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/libvcflib-1.0.1+dfsg/src/Variant.h:96:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(string& filename) {
data/libvcflib-1.0.1+dfsg/src/Variant.h:107:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_file.open(filename.c_str(), ifstream::in);
data/libvcflib-1.0.1+dfsg/src/Variant.h:119:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(istream& stream) {
data/libvcflib-1.0.1+dfsg/src/Variant.h:125:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(ifstream& stream) {
data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:131:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int indx = atoi((*it).c_str());
data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:227:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/bFst.cpp:336:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/bFst.cpp:473:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:1789:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:1946:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T4 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:1994:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2030:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T14 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2061:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2149:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2313:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2349:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2382:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2424:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2510:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2635:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2675:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2710:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2805:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2893:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2924:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2954:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2981:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3069:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3190:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3232:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3285:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T14 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3326:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3445:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3543:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3574:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3605:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T13 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3635:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T16 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3662:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3745:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3895:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T7 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3945:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4033:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4191:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4226:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4259:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4302:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4564:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4674:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4709:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4740:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4815:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atol (1.0e-50)
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4918:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4954:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4985:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# undef atol
data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:10856:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_buffer[TIME_SIZE];
data/libvcflib-1.0.1+dfsg/src/dumpContigsFromHeader.cpp:19:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:69:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:197:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
is_open=variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:201:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
is_open=variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:184:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:505:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
phased = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:543:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:66:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:418:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/iHS.cpp:121:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos = atoi(region[3].c_str()) ;
data/libvcflib-1.0.1+dfsg/src/iHS.cpp:172:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/iHS.cpp:444:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.threads = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/iHS.cpp:533:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(globalOpts.filename);
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:117:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos = atoi(region[3].c_str()) ;
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:168:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:416:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.pos = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:427:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.threads = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:518:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(globalOpts.filename);
data/libvcflib-1.0.1+dfsg/src/pFst.cpp:65:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/pFst.cpp:186:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:235:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:331:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nper = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:349:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpu = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:399:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:460:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
varDat->end = atol(var.info["END"].front().c_str());
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:81:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.npermutation = atoi(((string)optarg).c_str());
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:87:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.nsuc = atoi(((string)optarg).c_str());
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:82:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.npermutation = atoi(((string)optarg).c_str());
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:88:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.nsuc = atoi(((string)optarg).c_str());
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:142:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.threads = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:336:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->pos = atoi(region[1].c_str());
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:365:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->n = atoi(region[globalOpts.nIndex].c_str());
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:144:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.threads = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:352:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->pos = atoi(region[1].c_str());
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:381:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->n = atoi(region[globalOpts.nIndex].c_str());
data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:56:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:269:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/popStats.cpp:68:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/popStats.cpp:158:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!variantFile.open(filename)){
data/libvcflib-1.0.1+dfsg/src/rnglib.cpp:1792:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_buffer[TIME_SIZE];
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:277:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(lineDat[1].c_str()) < lastPos){
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:281:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastPos = atoi(lineDat[1].c_str());
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:283:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos.push_back(atoi(lineDat[1].c_str()));
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:275:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(lineDat[1].c_str()) < lastPos){
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:279:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastPos = atoi(lineDat[1].c_str());
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:281:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos.push_back(atoi(lineDat[1].c_str()));
data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:66:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:329:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/smoother.cpp:130:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
current.position = atol( sline[opt.pos].c_str() );
data/libvcflib-1.0.1+dfsg/src/smoother.cpp:258:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt.step = atol(optarg);
data/libvcflib-1.0.1+dfsg/src/smoother.cpp:264:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt.size = atol(optarg);
data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:127:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!variantFile.open(filename)){
data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:196:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!variantFile.open(filename)){
data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:207:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
oz->open(fname.str().c_str());
data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:79:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:81:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:94:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:38:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(string& m_filename, string& m_seqname, int m_linewidth = 80) {
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:44:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fastafile.open(filename.c_str());
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:107:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(fileName, thisSeqName);
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:242:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defaultPloidy = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:265:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:269:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:271:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp:148:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp:150:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!variantFile.open(std::cin)) {
data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:117:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos = atoi(region[3].c_str()) ;
data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:172:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:228:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globalOpts.threads = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:317:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(globalOpts.filename);
data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:37:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileA.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:39:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileA.open(filenameA);
data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:44:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileB.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:46:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileB.open(filenameB);
data/libvcflib-1.0.1+dfsg/src/vcfafpath.cpp:15:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfafpath.cpp:17:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:98:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxLength = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:113:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:115:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfaltcount.cpp:21:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp:92:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp:94:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:112:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileA.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:114:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileA.open(filenameA);
data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:119:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileB.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:121:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileB.open(filenameB);
data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp:67:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp:69:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfcat.cpp:16:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:115:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:121:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:123:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfclassify.cpp:97:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfclassify.cpp:99:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfcleancomplex.cpp:25:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfcleancomplex.cpp:27:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfcombine.cpp:109:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vcf->open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:47:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileA.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:49:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileA.open(filenameA);
data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:54:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileB.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:56:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFileB.open(filenameB);
data/libvcflib-1.0.1+dfsg/src/vcfcountalleles.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfcountalleles.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp:136:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp:138:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfdistance.cpp:27:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfecho.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfecho.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:72:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
windowSize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:101:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:107:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:109:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:97:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_regions = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:101:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_positions = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:105:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:109:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
overlap = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:138:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:144:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:146:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp:214:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp:216:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcffixup.cpp:54:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcffixup.cpp:61:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfflatten.cpp:31:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfflatten.cpp:33:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2alleles.cpp:20:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2alleles.cpp:42:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int index = atoi(g->c_str());
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:89:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
windowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:117:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:119:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:132:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcfgenosamplenames.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfgenosamplenames.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenosummarize.cpp:25:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenosummarize.cpp:28:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypecompare.cpp:43:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypecompare.cpp:45:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypes.cpp:23:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypes.cpp:25:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp:93:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp:95:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp:81:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp:83:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfhetcount.cpp:24:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfhetcount.cpp:26:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfhethomratio.cpp:22:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfhethomratio.cpp:24:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfindex.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfindex.cpp:16:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfinfo2qual.cpp:22:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfinfo2qual.cpp:24:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp:152:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp:154:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:109:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
windowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:195:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:197:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:220:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bed.open(bedFileName);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:235:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
otherVariantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:238:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
otherVariantFile.open(vcfFileName);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:278:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcfkeepgeno.cpp:32:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfkeepgeno.cpp:34:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfkeepinfo.cpp:27:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfkeepinfo.cpp:29:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfkeepsamples.cpp:26:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfkeepsamples.cpp:28:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:56:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:260:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
windowSize = atol( win.c_str() );
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:293:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:519:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
window = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:538:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:540:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:553:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fastaReference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcflength.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcflength.cpp:16:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:71:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:81:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ins->open(x);
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:87:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ref.open(ref_file);
data/libvcflib-1.0.1+dfsg/src/vcfnull2ref.cpp:23:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfnull2ref.cpp:25:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfnumalt.cpp:22:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfnumalt.cpp:24:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfoverlay.cpp:83:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!variantFile->open(inputFilename)) {
data/libvcflib-1.0.1+dfsg/src/vcfparsealts.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfparsealts.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:79:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
primerLength = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:108:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:114:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:116:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfqual2info.cpp:21:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfqual2info.cpp:23:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:67:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:92:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:94:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:106:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
random.open("/dev/urandom", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:108:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
random.open("/dev/random", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:90:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
windowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:123:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
altwindowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:149:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:151:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:164:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
freference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:228:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(slen.c_str());
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:240:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(slen.c_str());
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:251:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(slen.c_str());
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:276:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(slen.c_str());
data/libvcflib-1.0.1+dfsg/src/vcfremoveaberrantgenotypes.cpp:46:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfremoveaberrantgenotypes.cpp:48:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfremovesamples.cpp:46:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfremovesamples.cpp:48:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:152:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
windowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:186:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:188:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:204:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
truthVariantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:207:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
truthVariantFile.open(truthVcfFileName);
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:220:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp:136:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp:138:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp:125:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp:127:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfsamplenames.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfsamplenames.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp:93:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp:95:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfsitesummarize.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfsitesummarize.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:354:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:356:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:521:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trueVariantFile.open(trueVCF);
data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:543:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
falseVariantFile.open(falseVCF);
data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp:181:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp:183:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp:83:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp:85:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfuniq.cpp:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfuniq.cpp:14:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfuniqalleles.cpp:13:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfuniqalleles.cpp:15:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp:23:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp:25:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp:49:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gti.push_back(atoi(g->c_str()));
data/libvcflib-1.0.1+dfsg/src/vec128int.h:326:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const vector unsigned char permute_selector[4] = {
data/libvcflib-1.0.1+dfsg/src/vec128int.h:346:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const vector unsigned char permute_selector[2] = {
data/libvcflib-1.0.1+dfsg/src/vec128int.h:369:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const vector unsigned char permute_selector[8] = {
data/libvcflib-1.0.1+dfsg/src/vec128int.h:399:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const vector unsigned char permute_selector[16] = {
data/libvcflib-1.0.1+dfsg/src/vec128int.h:476:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const vector unsigned char permute_selector[8] = {
data/libvcflib-1.0.1+dfsg/src/vec128int.h:1493:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const vector unsigned char permute_selector[16] = {
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_char [8];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:171:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char as_signed_char [8];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char as_char [8];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:184:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char as_unsigned_char [8];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:185:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char as_signed_char [8];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_char [16];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_char [16];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:278:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vector signed char as_vector_signed_char [2];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:279:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vector unsigned char as_vector_unsigned_char [2];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:280:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vector bool char as_vector_bool_char [2];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:290:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_char [32];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:317:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vector signed char as_vector_signed_char [2];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:318:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vector unsigned char as_vector_unsigned_char [2];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:319:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vector bool char as_vector_bool_char [2];
data/libvcflib-1.0.1+dfsg/src/veclib_types.h:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_char [32];
data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:67:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:170:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:67:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:305:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:7:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST(VariantCallFile, open){
data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:13:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:25:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:40:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:54:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/test/tests/variantTests.h:17:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantFile.open(filename);
ANALYSIS SUMMARY:
Hits = 437
Lines analyzed = 56413 in approximately 1.54 seconds (36561 lines/second)
Physical Source Lines of Code (SLOC) = 38938
Hits@level = [0] 49 [1] 0 [2] 351 [3] 86 [4] 0 [5] 0
Hits@level+ = [0+] 486 [1+] 437 [2+] 437 [3+] 86 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 12.4814 [1+] 11.223 [2+] 11.223 [3+] 2.20864 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.