Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minimac4-1.0.2/src/Analysis.cpp
Examining data/minimac4-1.0.2/src/Analysis.h
Examining data/minimac4-1.0.2/src/AnalysisChunks.cpp
Examining data/minimac4-1.0.2/src/DosageData.cpp
Examining data/minimac4-1.0.2/src/DosageData.h
Examining data/minimac4-1.0.2/src/Estimation.cpp
Examining data/minimac4-1.0.2/src/Estimation.h
Examining data/minimac4-1.0.2/src/HaplotypeSet.h
Examining data/minimac4-1.0.2/src/Imputation.cpp
Examining data/minimac4-1.0.2/src/Imputation.h
Examining data/minimac4-1.0.2/src/ImputationStatistics.cpp
Examining data/minimac4-1.0.2/src/ImputationStatistics.h
Examining data/minimac4-1.0.2/src/Main.cpp
Examining data/minimac4-1.0.2/src/MarkovModel.cpp
Examining data/minimac4-1.0.2/src/MarkovModel.h
Examining data/minimac4-1.0.2/src/MarkovParameters.h
Examining data/minimac4-1.0.2/src/MyVariables.h
Examining data/minimac4-1.0.2/src/Unique.cpp
Examining data/minimac4-1.0.2/src/Unique.h
Examining data/minimac4-1.0.2/src/HaplotypeSet.cpp
Examining data/minimac4-1.0.2/src/MarkovParameters.cpp
FINAL RESULTS:
data/minimac4-1.0.2/src/Analysis.cpp:252:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "%s\t%s\t%s\t%.5f\t%.5f\t%.5f\t%.5f\t",
data/minimac4-1.0.2/src/Analysis.cpp:285:44: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "%s\t%s\t%s\t%.5f\t%.5f\t-\t-\tTyped_Only\t-\t-\t-\t-\t-\n",
data/minimac4-1.0.2/src/Analysis.cpp:352:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s\t%d\t%s\t%s\t%s\t.\tPASS",
data/minimac4-1.0.2/src/Analysis.cpp:364:47: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s",line.c_str());
data/minimac4-1.0.2/src/Analysis.cpp:445:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s\t%d\t%s\t%s\t%s\t.\tPASS",
data/minimac4-1.0.2/src/Analysis.cpp:466:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\t%s",MyAllVariables->myOutFormat.formatStringForVCF.c_str());
data/minimac4-1.0.2/src/Analysis.cpp:471:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s",line.c_str());
data/minimac4-1.0.2/src/Analysis.cpp:488:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s\t%d\t%s\t%s\t%s\t.\tPASS",
data/minimac4-1.0.2/src/Analysis.cpp:500:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\t%s",MyAllVariables->myOutFormat.formatStringForVCF.c_str());
data/minimac4-1.0.2/src/Analysis.cpp:505:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s",line.c_str());
data/minimac4-1.0.2/src/Estimation.cpp:144:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "%s\t%s\t%s\t%.5f\t%.5f\t%.5f\t%.5f\t",
data/minimac4-1.0.2/src/Estimation.cpp:177:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "%s\t%s\t%s\t%.5f\t%.5f\t-\t-\tTyped_Only\t-\t-\t-\t-\t-\n",
data/minimac4-1.0.2/src/Estimation.cpp:240:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s\t%d\t%s\t%s\t%s\t.\tPASS",
data/minimac4-1.0.2/src/Estimation.cpp:252:47: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s",line.c_str());
data/minimac4-1.0.2/src/Estimation.cpp:330:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s\t%d\t%s\t%s\t%s\t.\tPASS",
data/minimac4-1.0.2/src/Estimation.cpp:351:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\t%s",MyAllVariables->myOutFormat.formatStringForVCF.c_str());
data/minimac4-1.0.2/src/Estimation.cpp:356:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s",line.c_str());
data/minimac4-1.0.2/src/Estimation.cpp:373:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s\t%d\t%s\t%s\t%s\t.\tPASS",
data/minimac4-1.0.2/src/Estimation.cpp:385:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\t%s",MyAllVariables->myOutFormat.formatStringForVCF.c_str());
data/minimac4-1.0.2/src/Estimation.cpp:390:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"%s",line.c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1491:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(temp,tempString.c_str());
data/minimac4-1.0.2/src/MyVariables.h:190:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(MyCommandLine,argv[0]);
data/minimac4-1.0.2/src/MyVariables.h:195:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(MyCommandLine, argv[i]);
data/minimac4-1.0.2/src/Analysis.cpp:263:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "Genotyped\t%.3f\t%.3f\t%.5f\t%.5f\t%.5f\n",
data/minimac4-1.0.2/src/Analysis.cpp:268:41: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "Imputed\t-\t-\t-\t-\t-\n");
data/minimac4-1.0.2/src/Analysis.cpp:358:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\tTYPED\tGT:LDS");
data/minimac4-1.0.2/src/Analysis.cpp:456:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\tAF=%.5f;MAF=%.5f;R2=%.5f",
data/minimac4-1.0.2/src/Analysis.cpp:461:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,";ER2=%.5f;TYPED",stats.EmpiricalRsq(i));
data/minimac4-1.0.2/src/Analysis.cpp:463:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,";IMPUTED");
data/minimac4-1.0.2/src/Analysis.cpp:497:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\tAF=%.5f;MAF=%.5f;TYPED_ONLY",
data/minimac4-1.0.2/src/Analysis.cpp:1497:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TarFileStream.open(Tarfilename, header);
data/minimac4-1.0.2/src/DosageData.cpp:108:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0|0");
data/minimac4-1.0.2/src/DosageData.cpp:111:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0/0");
data/minimac4-1.0.2/src/DosageData.cpp:128:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0,0");
data/minimac4-1.0.2/src/DosageData.cpp:137:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"1,0,0");
data/minimac4-1.0.2/src/DosageData.cpp:154:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%d|%d",(x>0.5),(y>0.5));
data/minimac4-1.0.2/src/DosageData.cpp:161:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0/1");
data/minimac4-1.0.2/src/DosageData.cpp:163:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"1/1");
data/minimac4-1.0.2/src/DosageData.cpp:165:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0/0");
data/minimac4-1.0.2/src/DosageData.cpp:174:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f",x+ y);
data/minimac4-1.0.2/src/DosageData.cpp:182:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f,%.3f",x , y);
data/minimac4-1.0.2/src/DosageData.cpp:191:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f,%.3f,%.3f",(1-x)*(1-y),x*(1-y)+y*(1-x),x*y);
data/minimac4-1.0.2/src/DosageData.cpp:198:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f", x*(1-x) + y*(1-y));
data/minimac4-1.0.2/src/DosageData.cpp:241:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"1,0");
data/minimac4-1.0.2/src/DosageData.cpp:258:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%d",(x>0.5));
data/minimac4-1.0.2/src/DosageData.cpp:266:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f",x);
data/minimac4-1.0.2/src/DosageData.cpp:274:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f",x );
data/minimac4-1.0.2/src/DosageData.cpp:283:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f,%.3f",1-x,x);
data/minimac4-1.0.2/src/DosageData.cpp:290:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"%.3f", x*(1-x));
data/minimac4-1.0.2/src/DosageData.cpp:298:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"%c|%c",a,b);
data/minimac4-1.0.2/src/DosageData.cpp:300:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"%.3f|%.3f",x , y);
data/minimac4-1.0.2/src/DosageData.cpp:307:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"%c",a);
data/minimac4-1.0.2/src/DosageData.cpp:309:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"%.3f",x);
data/minimac4-1.0.2/src/DosageData.cpp:345:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"\t.|.:.|.");
data/minimac4-1.0.2/src/DosageData.cpp:359:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"\t.:.");
data/minimac4-1.0.2/src/Estimation.cpp:155:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "Genotyped\t%.3f\t%.3f\t%.5f\t%.5f\t%.5f\n",
data/minimac4-1.0.2/src/Estimation.cpp:160:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
InfoPrintStringLength+=sprintf(InfoPrintStringPointer+InfoPrintStringLength , "Imputed\t-\t-\t-\t-\t-\n");
data/minimac4-1.0.2/src/Estimation.cpp:246:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\tTYPED\tGT:LDS");
data/minimac4-1.0.2/src/Estimation.cpp:341:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\tAF=%.5f;MAF=%.5f;R2=%.5f",
data/minimac4-1.0.2/src/Estimation.cpp:346:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,";ER2=%.5f;TYPED",stats.EmpiricalRsq(i));
data/minimac4-1.0.2/src/Estimation.cpp:348:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,";IMPUTED");
data/minimac4-1.0.2/src/Estimation.cpp:382:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\tAF=%.5f;MAF=%.5f;TYPED_ONLY",
data/minimac4-1.0.2/src/Estimation.cpp:1144:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TarFileStream.open(Tarfilename, header);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:474:75: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempVariant.assignValues(currID,rsID,BlockPiecesforVarInfo[0],atoi(BlockPiecesforVarInfo[1].c_str()));
data/minimac4-1.0.2/src/HaplotypeSet.cpp:563:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempval = atoi(BlockPieces[index + 9].c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:579:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempval = atoi(HaploPieces[0].c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:583:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempval = atoi(HaploPieces[1].c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:589:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempval = atoi(BlockPieces[index + 9].c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:630:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
AlternateAlleles.push_back(prevVal+atoi(word.c_str()));
data/minimac4-1.0.2/src/HaplotypeSet.cpp:645:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
AlternateAlleles.push_back(prevVal+atoi(word.c_str()));
data/minimac4-1.0.2/src/HaplotypeSet.cpp:800:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(VCFFileName, header);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:967:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(VCFFileName, header);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1218:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
NoBlocks=atoi(headerTag[1].c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1490:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[tempString.length() + 1];
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1589:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
NoBlocks=atoi(pch);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1594:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numHaplotypes=atoi(pch);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1599:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
InitialNMarkers=atoi(pch);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1690:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempStartBlock=atoi(pch1);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1693:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempEndBlock=atoi(pch1);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1744:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempVarCount=atoi(pch3);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1750:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempRepCount=atoi(pch3);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1782:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempval=atoi(pch);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1820:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempPos=atoi(pch3);
data/minimac4-1.0.2/src/HaplotypeSet.cpp:2259:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempStartBlock=atoi(PosTokens[0].c_str());
data/minimac4-1.0.2/src/HaplotypeSet.cpp:2260:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tempEndBlock=atoi(PosTokens[1].c_str());
data/minimac4-1.0.2/src/MyVariables.h:189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MyCommandLine[len];
data/minimac4-1.0.2/src/Analysis.cpp:367:43: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\n");
data/minimac4-1.0.2/src/Analysis.cpp:474:40: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\n");
data/minimac4-1.0.2/src/Analysis.cpp:508:39: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\n");
data/minimac4-1.0.2/src/DosageData.cpp:100:24: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"\t");
data/minimac4-1.0.2/src/DosageData.cpp:119:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:120:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0");
data/minimac4-1.0.2/src/DosageData.cpp:127:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:135:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:142:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:144:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0");
data/minimac4-1.0.2/src/DosageData.cpp:173:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:181:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:189:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:196:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:210:24: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"\t");
data/minimac4-1.0.2/src/DosageData.cpp:216:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0");
data/minimac4-1.0.2/src/DosageData.cpp:223:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:224:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0");
data/minimac4-1.0.2/src/DosageData.cpp:231:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:232:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0");
data/minimac4-1.0.2/src/DosageData.cpp:239:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:246:36: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:248:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"0");
data/minimac4-1.0.2/src/DosageData.cpp:265:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:273:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:281:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:288:32: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:297:27: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"\t");
data/minimac4-1.0.2/src/DosageData.cpp:299:27: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:306:27: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"\t");
data/minimac4-1.0.2/src/DosageData.cpp:308:27: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,":");
data/minimac4-1.0.2/src/DosageData.cpp:373:24: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"\n");
data/minimac4-1.0.2/src/DosageData.cpp:375:31: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintEmpStringLength+=sprintf(PrintEmpStringPointer+PrintEmpStringLength,"\n");
data/minimac4-1.0.2/src/DosageData.cpp:423:24: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
PrintStringLength+=sprintf(PrintStringPointer+PrintStringLength,"\n");
data/minimac4-1.0.2/src/Estimation.cpp:255:43: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\n");
data/minimac4-1.0.2/src/Estimation.cpp:359:39: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\n");
data/minimac4-1.0.2/src/Estimation.cpp:393:39: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
VcfPrintStringLength+=sprintf(VcfPrintStringPointer + VcfPrintStringLength,"\n");
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1952:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(refAllele.c_str()) == 1
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1953:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(altAllele.c_str()) == 1)
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1999:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(refAllele.c_str())<strlen(altAllele.c_str()))
data/minimac4-1.0.2/src/HaplotypeSet.cpp:1999:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(refAllele.c_str())<strlen(altAllele.c_str()))
data/minimac4-1.0.2/src/MarkovModel.cpp:1321:27: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
background = (match + mismatch) * backgroundError;
data/minimac4-1.0.2/src/MarkovModel.cpp:1322:25: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch = (match + mismatch) * e *freq;
data/minimac4-1.0.2/src/MarkovModel.cpp:1325:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return mismatch / (mismatch + match + background);
data/minimac4-1.0.2/src/MyVariables.h:185:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i]) + 1;
data/minimac4-1.0.2/src/MyVariables.h:194:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(MyCommandLine, " ");
data/minimac4-1.0.2/src/MyVariables.h:587:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(argv[0]);
ANALYSIS SUMMARY:
Hits = 133
Lines analyzed = 12920 in approximately 0.31 seconds (41140 lines/second)
Physical Source Lines of Code (SLOC) = 8780
Hits@level = [0] 63 [1] 47 [2] 63 [3] 0 [4] 23 [5] 0
Hits@level+ = [0+] 196 [1+] 133 [2+] 86 [3+] 23 [4+] 23 [5+] 0
Hits/KSLOC@level+ = [0+] 22.3235 [1+] 15.1481 [2+] 9.79499 [3+] 2.61959 [4+] 2.61959 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.