Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvcflib-1.0.1+dfsg/multichoose/multichoose.h
Examining data/libvcflib-1.0.1+dfsg/multichoose/multipermute.cpp
Examining data/libvcflib-1.0.1+dfsg/multichoose/multichoose.c
Examining data/libvcflib-1.0.1+dfsg/multichoose/multipermute.h
Examining data/libvcflib-1.0.1+dfsg/multichoose/multichoose.cpp
Examining data/libvcflib-1.0.1+dfsg/test/tests/mainTest.cpp
Examining data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h
Examining data/libvcflib-1.0.1+dfsg/test/tests/variantTests.h
Examining data/libvcflib-1.0.1+dfsg/filevercmp/filevercmp.c
Examining data/libvcflib-1.0.1+dfsg/filevercmp/main.c
Examining data/libvcflib-1.0.1+dfsg/filevercmp/filevercmp.h
Examining data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp
Examining data/libvcflib-1.0.1+dfsg/intervaltree/IntervalTree.h
Examining data/libvcflib-1.0.1+dfsg/intervaltree/interval_tree_test.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp
Examining data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp
Examining data/libvcflib-1.0.1+dfsg/src/wcFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfafpath.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsamplenames.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfrandom.cpp
Examining data/libvcflib-1.0.1+dfsg/src/pdflib.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfremovesamples.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp
Examining data/libvcflib-1.0.1+dfsg/src/normalize-iHS.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp
Examining data/libvcflib-1.0.1+dfsg/src/veclib_types.h
Examining data/libvcflib-1.0.1+dfsg/src/split.cpp
Examining data/libvcflib-1.0.1+dfsg/src/bFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfnull2ref.cpp
Examining data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp
Examining data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcflength.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vec128int.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenotypecompare.cpp
Examining data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp
Examining data/libvcflib-1.0.1+dfsg/src/var.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenosummarize.cpp
Examining data/libvcflib-1.0.1+dfsg/src/cdflib.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfaltcount.cpp
Examining data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp
Examining data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgeno2alleles.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenotypes.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfld.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfhetcount.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp
Examining data/libvcflib-1.0.1+dfsg/src/pFst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/Variant.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfgenosamplenames.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfkeepsamples.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp
Examining data/libvcflib-1.0.1+dfsg/src/rnglib.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfparsealts.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfnumalt.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp
Examining data/libvcflib-1.0.1+dfsg/src/smoother.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp
Examining data/libvcflib-1.0.1+dfsg/src/join.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfinfo2qual.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfindex.cpp
Examining data/libvcflib-1.0.1+dfsg/src/var.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfhethomratio.cpp
Examining data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp
Examining data/libvcflib-1.0.1+dfsg/src/cdflib.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfremoveaberrantgenotypes.cpp
Examining data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp
Examining data/libvcflib-1.0.1+dfsg/src/dumpContigsFromHeader.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsitesummarize.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfecho.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfuniqalleles.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp
Examining data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp
Examining data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfuniq.cpp
Examining data/libvcflib-1.0.1+dfsg/src/mt19937ar.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfclassify.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp
Examining data/libvcflib-1.0.1+dfsg/src/rnglib.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfdistance.cpp
Examining data/libvcflib-1.0.1+dfsg/src/iHS.cpp
Examining data/libvcflib-1.0.1+dfsg/src/BedReader.h
Examining data/libvcflib-1.0.1+dfsg/src/popStats.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfkeepgeno.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcountalleles.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcat.cpp
Examining data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp
Examining data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp
Examining data/libvcflib-1.0.1+dfsg/src/convert.h
Examining data/libvcflib-1.0.1+dfsg/src/pdflib.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfflatten.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcffixup.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcombine.cpp
Examining data/libvcflib-1.0.1+dfsg/src/pVst.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfqual2info.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp
Examining data/libvcflib-1.0.1+dfsg/src/gpatInfo.hpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp
Examining data/libvcflib-1.0.1+dfsg/src/split.h
Examining data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp
Examining data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfcleancomplex.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfkeepinfo.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp
Examining data/libvcflib-1.0.1+dfsg/src/vcfoverlay.cpp
Examining data/libvcflib-1.0.1+dfsg/src/Variant.h
Examining data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp

FINAL RESULTS:

data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:7567:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand( config.rngSeed() );
data/libvcflib-1.0.1+dfsg/intervaltree/interval_tree_test.cpp:135:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:190:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "r:d:t:f:y:hv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:259:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0)); //initialize random number generator
data/libvcflib-1.0.1+dfsg/src/bFst.cpp:345:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/bFst.cpp:380:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "d:t:b:f:hv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:80:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:126:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "y:r:d:t:b:f:chvsa", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:419:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:468:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "p:m:r:d:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:313:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:359:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "y:r:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/iHS.cpp:433:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "a:x:g:y:r:d:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:410:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "a:x:g:y:r:d:t:b:f:p:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/normalize-iHS.cpp:99:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/normalize-iHS.cpp:125:8: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/pFst.cpp:130:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "r:d:t:b:f:y:chv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:268:8: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand ( unsigned ( std::time(0) ) );
data/libvcflib-1.0.1+dfsg/src/pVst.cpp:321:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "n:r:d:t:b:f:y:x:hv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:71:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:97:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:181:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:72:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:98:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:182:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:137:9: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:194:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:287:1: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:139:9: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:197:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:302:1: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time(NULL));
data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:169:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:216:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "y:r:t:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/popStats.cpp:77:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/popStats.cpp:115:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "y:r:d:t:b:f:chv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:94:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:120:8: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:94:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt(argc, argv, optString);
data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:120:8: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt( argc, argv, optString );
data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:166:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:230:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "a:w:y:r:t:b:f:edhv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/smoother.cpp:233:12: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "f:w:s:o:vht", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:81:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "p:f:r:vh", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:49:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hr:",
data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:221:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hmf:p:P:n:",
data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp:113:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hn:g",
data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:217:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "a:x:g:y:r:d:t:b:f:hv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:69:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hmkgt:L:",
data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp:48:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hb:k:d:",
data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp:43:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "h",
data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:52:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hvxkf:",
data/libvcflib-1.0.1+dfsg/src/vcfcombine.cpp:47:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "vhr:",
data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp:112:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "h",
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:48:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hf:w:",
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:73:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hf:n:o:l:s:p:",
data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp:116:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hvAsof:g:kt:F:r:a:",
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:70:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hvow:r:",
data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp:41:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hxb:",
data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp:38:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hn",
data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp:73:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hamnxfv:i:",
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:100:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hvcSlmob:i:u:w:r:t:V:M:T:R:",
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:141:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:202:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "w:y:r:t:b:f:edhv", longopts, &findex);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:506:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hw:r:",
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:37:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "sr:i:h",
data/libvcflib-1.0.1+dfsg/src/vcfoverlay.cpp:36:11: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hv",
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:55:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hf:l:",
data/libvcflib-1.0.1+dfsg/src/vcfrandom.cpp:34:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:51:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hqr:s:p:",
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:104:17: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  fstream random;
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:106:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random.open("/dev/urandom", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:108:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random.open("/dev/random", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:110:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random.get((char*) &seed, sizeof(int));
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:111:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random.close();
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:81:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hza:w:r:m:x:o:e:s:R:",
data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:143:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hcw:r:t:",
data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp:69:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hamnxf:i:",
data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp:70:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hs",
data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp:51:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "h",
data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:262:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hpdi:x:y:a:s:f:c:T:F:",
data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp:116:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "hlatr:m:x:o:e:",
data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp:49:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long (argc, argv, "haw:",
data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:76:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:122:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  iarg = getopt_long(argc, argv, "y:r:d:t:b:f:chv", longopts, &index);
data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:198:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:247:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
iarg = getopt_long(argc, argv, "y:r:t:b:f:hv", longopts, &findex); data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:1563:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct TrueType { char sizer[1]; }; data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:1564:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct FalseType { char sizer[2]; }; data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:2736:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char storage[sizeof(T)]; data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:5388:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open() { data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:5465:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
section->open(); data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:5498:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tracker->open(); data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:6558:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[bufferSize]; data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:6595:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ofs.open( filename.c_str() ); data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:7735:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char asChar[sizeof (int)]; data/libvcflib-1.0.1+dfsg/intervaltree/catch.hpp:8494:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0}; data/libvcflib-1.0.1+dfsg/multichoose/multichoose.c:15:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(argv[1]); data/libvcflib-1.0.1+dfsg/multichoose/multichoose.cpp:50:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int k = atoi(argv[1]); data/libvcflib-1.0.1+dfsg/src/BedReader.h:45:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). startPos = atoi(region.substr(foundFirstColon + 1).c_str()); data/libvcflib-1.0.1+dfsg/src/BedReader.h:50:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). startPos = atoi(region.substr(foundFirstColon + 1, foundRangeSep - foundFirstColon).c_str()); data/libvcflib-1.0.1+dfsg/src/BedReader.h:53:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
stopPos = atoi(region.substr(foundRangeSep + sep.size()).c_str()); // end-exclusive, bed-format data/libvcflib-1.0.1+dfsg/src/BedReader.h:111:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(strip(fields[1]).c_str()), data/libvcflib-1.0.1+dfsg/src/BedReader.h:112:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(strip(fields[2]).c_str()), data/libvcflib-1.0.1+dfsg/src/BedReader.h:145:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(fname); data/libvcflib-1.0.1+dfsg/src/BedReader.h:158:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const string& fname) { data/libvcflib-1.0.1+dfsg/src/BedReader.h:159:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
file.open(fname.c_str()); data/libvcflib-1.0.1+dfsg/src/Variant.cpp:6:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rev_arr [26] = {84, 66, 71, 68, 69, 70, 67, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 65, data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2533:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cigar.push_back(make_pair(atoi(number.c_str()), type)); data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2543:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cigar.push_back(make_pair(atoi(number.c_str()), type)); data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2560:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cigar.push_back(make_pair(atoi(number.c_str()), type)); data/libvcflib-1.0.1+dfsg/src/Variant.cpp:2570:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cigar.push_back(make_pair(atoi(number.c_str()), type)); data/libvcflib-1.0.1+dfsg/src/Variant.h:96:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(string& filename) { data/libvcflib-1.0.1+dfsg/src/Variant.h:107:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _file.open(filename.c_str(), ifstream::in); data/libvcflib-1.0.1+dfsg/src/Variant.h:119:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(istream& stream) { data/libvcflib-1.0.1+dfsg/src/Variant.h:125:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(ifstream& stream) { data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:131:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int indx = atoi((*it).c_str()); data/libvcflib-1.0.1+dfsg/src/abba-baba.cpp:227:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/bFst.cpp:336:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/bFst.cpp:473:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:1789:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:1946:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T4 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:1994:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T10 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2030:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T14 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2061:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2149:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2313:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T5 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2349:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T9 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2382:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T12 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2424:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2510:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2635:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T6 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2675:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T10 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2710:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2805:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2893:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T5 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2924:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T9 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2954:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T12 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:2981:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3069:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3190:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T6 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3232:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T10 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3285:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T14 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3326:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3445:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3543:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T5 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3574:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T9 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3605:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T13 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3635:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T16 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3662:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3745:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3895:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T7 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:3945:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4033:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4191:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T6 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4226:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T9 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4259:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T12 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4302:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4564:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4674:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T6 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4709:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T9 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4740:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4815:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # define atol (1.0e-50) data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4918:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T6 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4954:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). T10 = atol; data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:4985:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). # undef atol data/libvcflib-1.0.1+dfsg/src/cdflib.cpp:10856:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char time_buffer[TIME_SIZE]; data/libvcflib-1.0.1+dfsg/src/dumpContigsFromHeader.cpp:19:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:69:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:197:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). is_open=variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/genotypeSummary.cpp:201:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). is_open=variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:184:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:505:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
phased = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/gl-XPEHH.cpp:543:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:66:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/hapLrt.cpp:418:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/iHS.cpp:121:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int pos = atoi(region[3].c_str()) ; data/libvcflib-1.0.1+dfsg/src/iHS.cpp:172:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/iHS.cpp:444:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.threads = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/iHS.cpp:533:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(globalOpts.filename); data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:117:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int pos = atoi(region[3].c_str()) ; data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:168:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:416:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.pos = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:427:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.threads = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/meltEHH.cpp:518:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(globalOpts.filename); data/libvcflib-1.0.1+dfsg/src/pFst.cpp:65:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/pFst.cpp:186:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/pVst.cpp:235:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/pVst.cpp:331:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nper = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/pVst.cpp:349:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cpu = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/pVst.cpp:399:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/pVst.cpp:460:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). varDat->end = atol(var.info["END"].front().c_str()); data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:81:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.npermutation = atoi(((string)optarg).c_str()); data/libvcflib-1.0.1+dfsg/src/permuteGPAT++.cpp:87:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.nsuc = atoi(((string)optarg).c_str()); data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:82:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.npermutation = atoi(((string)optarg).c_str()); data/libvcflib-1.0.1+dfsg/src/permuteGPATsmoother.cpp:88:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.nsuc = atoi(((string)optarg).c_str()); data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:142:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.threads = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:336:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
sp->pos = atoi(region[1].c_str()); data/libvcflib-1.0.1+dfsg/src/permuteRegions.cpp:365:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->n = atoi(region[globalOpts.nIndex].c_str()); data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:144:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.threads = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:352:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->pos = atoi(region[1].c_str()); data/libvcflib-1.0.1+dfsg/src/permuteSmooth.cpp:381:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->n = atoi(region[globalOpts.nIndex].c_str()); data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:56:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/plotHaps.cpp:269:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/popStats.cpp:68:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/popStats.cpp:158:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!variantFile.open(filename)){ data/libvcflib-1.0.1+dfsg/src/rnglib.cpp:1792:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char time_buffer[TIME_SIZE]; data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:277:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(lineDat[1].c_str()) < lastPos){ data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:281:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lastPos = atoi(lineDat[1].c_str()); data/libvcflib-1.0.1+dfsg/src/segmentFst.cpp:283:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos.push_back(atoi(lineDat[1].c_str())); data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:275:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(lineDat[1].c_str()) < lastPos){ data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:279:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lastPos = atoi(lineDat[1].c_str()); data/libvcflib-1.0.1+dfsg/src/segmentIhs.cpp:281:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos.push_back(atoi(lineDat[1].c_str())); data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:66:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/sequenceDiversity.cpp:329:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/smoother.cpp:130:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). current.position = atol( sline[opt.pos].c_str() ); data/libvcflib-1.0.1+dfsg/src/smoother.cpp:258:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). opt.step = atol(optarg); data/libvcflib-1.0.1+dfsg/src/smoother.cpp:264:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
opt.size = atol(optarg); data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:127:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!variantFile.open(filename)){ data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:196:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!variantFile.open(filename)){ data/libvcflib-1.0.1+dfsg/src/splitUniqStarts.cpp:207:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). oz->open(fname.str().c_str()); data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:79:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:81:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcf2dag.cpp:94:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reference.open(fastaFileName); data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:38:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(string& m_filename, string& m_seqname, int m_linewidth = 80) { data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:44:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fastafile.open(filename.c_str()); data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:107:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f.open(fileName, thisSeqName); data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:242:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
defaultPloidy = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:265:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reference.open(fastaFileName); data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:269:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcf2fasta.cpp:271:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp:148:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcf2tsv.cpp:150:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!variantFile.open(std::cin)) { data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:117:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int pos = atoi(region[3].c_str()) ; data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:172:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:228:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globalOpts.threads = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/vcfToHap.cpp:317:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(globalOpts.filename); data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:37:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileA.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:39:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFileA.open(filenameA); data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:44:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileB.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfaddinfo.cpp:46:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileB.open(filenameB); data/libvcflib-1.0.1+dfsg/src/vcfafpath.cpp:15:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfafpath.cpp:17:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:98:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
maxLength = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:113:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfallelicprimitives.cpp:115:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfaltcount.cpp:21:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp:92:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfannotate.cpp:94:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:112:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileA.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:114:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileA.open(filenameA); data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:119:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileB.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfannotategenotypes.cpp:121:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileB.open(filenameB); data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp:67:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfbreakmulti.cpp:69:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfcat.cpp:16:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:115:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ref.open(fastaRef); data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:121:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfcheck.cpp:123:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfclassify.cpp:97:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfclassify.cpp:99:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfcleancomplex.cpp:25:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfcleancomplex.cpp:27:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfcombine.cpp:109:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vcf->open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:47:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFileA.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:49:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileA.open(filenameA); data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:54:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileB.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfcommonsamples.cpp:56:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFileB.open(filenameB); data/libvcflib-1.0.1+dfsg/src/vcfcountalleles.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfcountalleles.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp:136:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfcreatemulti.cpp:138:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfdistance.cpp:27:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfecho.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfecho.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:72:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  windowSize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:101:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:107:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfentropy.cpp:109:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:97:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  number_of_regions = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:101:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  number_of_positions = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:105:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:109:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  overlap = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:138:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:144:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfevenregions.cpp:146:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp:214:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcffilter.cpp:216:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcffixup.cpp:54:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcffixup.cpp:61:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfflatten.cpp:31:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfflatten.cpp:33:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2alleles.cpp:20:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2alleles.cpp:42:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int index = atoi(g->c_str());
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:89:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  windowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:117:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:119:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgeno2haplo.cpp:132:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcfgenosamplenames.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfgenosamplenames.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenosummarize.cpp:25:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenosummarize.cpp:28:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypecompare.cpp:43:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypecompare.cpp:45:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypes.cpp:23:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfgenotypes.cpp:25:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp:93:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfglbound.cpp:95:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp:81:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfglxgt.cpp:83:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfhetcount.cpp:24:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfhetcount.cpp:26:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfhethomratio.cpp:22:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfhethomratio.cpp:24:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfindex.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfindex.cpp:16:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfinfo2qual.cpp:22:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfinfo2qual.cpp:24:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp:152:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfinfosummarize.cpp:154:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:109:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  windowsize = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:195:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:197:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:220:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bed.open(bedFileName);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:235:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  otherVariantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:238:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  otherVariantFile.open(vcfFileName);
data/libvcflib-1.0.1+dfsg/src/vcfintersect.cpp:278:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcfkeepgeno.cpp:32:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfkeepgeno.cpp:34:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfkeepinfo.cpp:27:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfkeepinfo.cpp:29:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfkeepsamples.cpp:26:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfkeepsamples.cpp:28:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:56:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  index[ atoi( (*it).c_str() ) ] = 1;
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:260:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  windowSize = atol( win.c_str() );
data/libvcflib-1.0.1+dfsg/src/vcfld.cpp:293:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:519:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  window = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:538:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:540:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfleftalign.cpp:553:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fastaReference.open(fastaFileName);
data/libvcflib-1.0.1+dfsg/src/vcflength.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcflength.cpp:16:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:71:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:81:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ins->open(x);
data/libvcflib-1.0.1+dfsg/src/vcfnormalizesvs.cpp:87:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ref.open(ref_file);
data/libvcflib-1.0.1+dfsg/src/vcfnull2ref.cpp:23:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfnull2ref.cpp:25:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfnumalt.cpp:22:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfnumalt.cpp:24:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfoverlay.cpp:83:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!variantFile->open(inputFilename)) {
data/libvcflib-1.0.1+dfsg/src/vcfparsealts.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfparsealts.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:79:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  primerLength = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:108:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ref.open(fastaRef);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:114:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfprimers.cpp:116:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfqual2info.cpp:21:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(filename);
data/libvcflib-1.0.1+dfsg/src/vcfqual2info.cpp:23:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:67:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seed = atoi(optarg);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:92:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(inputFilename);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:94:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  variantFile.open(std::cin);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:106:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  random.open("/dev/urandom", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfrandomsample.cpp:108:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  random.open("/dev/random", fstream::in);
data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:90:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
windowsize = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:123:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). altwindowsize = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:149:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:151:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:164:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). freference.open(fastaFileName); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:228:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). len = atoi(slen.c_str()); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:240:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). len = atoi(slen.c_str()); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:251:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). len = atoi(slen.c_str()); data/libvcflib-1.0.1+dfsg/src/vcfremap.cpp:276:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). len = atoi(slen.c_str()); data/libvcflib-1.0.1+dfsg/src/vcfremoveaberrantgenotypes.cpp:46:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfremoveaberrantgenotypes.cpp:48:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfremovesamples.cpp:46:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfremovesamples.cpp:48:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:152:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). windowsize = atoi(optarg); data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:186:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:188:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:204:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
truthVariantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:207:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). truthVariantFile.open(truthVcfFileName); data/libvcflib-1.0.1+dfsg/src/vcfroc.cpp:220:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reference.open(fastaFileName); data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp:136:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfsample2info.cpp:138:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp:125:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfsamplediff.cpp:127:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfsamplenames.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfsamplenames.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp:93:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfsamplestats.cpp:95:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfsitesummarize.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfsitesummarize.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:354:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:356:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:521:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
trueVariantFile.open(trueVCF); data/libvcflib-1.0.1+dfsg/src/vcfsom.cpp:543:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). falseVariantFile.open(falseVCF); data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp:181:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfstats.cpp:183:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp:83:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(inputFilename); data/libvcflib-1.0.1+dfsg/src/vcfstreamsort.cpp:85:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfuniq.cpp:12:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfuniq.cpp:14:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfuniqalleles.cpp:13:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfuniqalleles.cpp:15:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp:23:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(std::cin); data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp:25:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/vcfunphase.cpp:49:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gti.push_back(atoi(g->c_str())); data/libvcflib-1.0.1+dfsg/src/vec128int.h:326:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const vector unsigned char permute_selector[4] = { data/libvcflib-1.0.1+dfsg/src/vec128int.h:346:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const vector unsigned char permute_selector[2] = { data/libvcflib-1.0.1+dfsg/src/vec128int.h:369:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const vector unsigned char permute_selector[8] = { data/libvcflib-1.0.1+dfsg/src/vec128int.h:399:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const vector unsigned char permute_selector[16] = { data/libvcflib-1.0.1+dfsg/src/vec128int.h:476:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const vector unsigned char permute_selector[8] = { data/libvcflib-1.0.1+dfsg/src/vec128int.h:1493:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const vector unsigned char permute_selector[16] = { data/libvcflib-1.0.1+dfsg/src/veclib_types.h:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char as_char [8]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:171:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char as_signed_char [8]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:183:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
signed char as_char [8]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:184:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char as_unsigned_char [8]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:185:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char as_signed_char [8]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:211:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char as_char [16]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char as_char [16]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:278:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vector signed char as_vector_signed_char [2]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:279:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vector unsigned char as_vector_unsigned_char [2]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:280:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vector bool char as_vector_bool_char [2]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char as_char [32]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:317:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vector signed char as_vector_signed_char [2]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:318:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vector unsigned char as_vector_unsigned_char [2]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:319:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
vector bool char as_vector_bool_char [2]; data/libvcflib-1.0.1+dfsg/src/veclib_types.h:330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char as_char [32]; data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:67:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/wcFst.cpp:170:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:67:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index[ atoi( (*it).c_str() ) ] = 1; data/libvcflib-1.0.1+dfsg/src/xpEHH.cpp:305:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(filename); data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:7:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST(VariantCallFile, open){ data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:13:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:25:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:40:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename); data/libvcflib-1.0.1+dfsg/test/tests/variantFileTests.h:54:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
variantFile.open(filename); data/libvcflib-1.0.1+dfsg/test/tests/variantTests.h:17:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). variantFile.open(filename);

ANALYSIS SUMMARY:

Hits = 437
Lines analyzed = 56413 in approximately 1.54 seconds (36561 lines/second)
Physical Source Lines of Code (SLOC) = 38938
Hits@level = [0] 49 [1] 0 [2] 351 [3] 86 [4] 0 [5] 0
Hits@level+ = [0+] 486 [1+] 437 [2+] 437 [3+] 86 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 12.4814 [1+] 11.223 [2+] 11.223 [3+] 2.20864 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.