Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minimap2-2.17+dfsg/align.c
Examining data/minimap2-2.17+dfsg/bseq.c
Examining data/minimap2-2.17+dfsg/bseq.h
Examining data/minimap2-2.17+dfsg/chain.c
Examining data/minimap2-2.17+dfsg/esterr.c
Examining data/minimap2-2.17+dfsg/example.c
Examining data/minimap2-2.17+dfsg/format.c
Examining data/minimap2-2.17+dfsg/hit.c
Examining data/minimap2-2.17+dfsg/index.c
Examining data/minimap2-2.17+dfsg/kalloc.c
Examining data/minimap2-2.17+dfsg/kalloc.h
Examining data/minimap2-2.17+dfsg/kdq.h
Examining data/minimap2-2.17+dfsg/ketopt.h
Examining data/minimap2-2.17+dfsg/khash.h
Examining data/minimap2-2.17+dfsg/kseq.h
Examining data/minimap2-2.17+dfsg/ksort.h
Examining data/minimap2-2.17+dfsg/ksw2.h
Examining data/minimap2-2.17+dfsg/ksw2_dispatch.c
Examining data/minimap2-2.17+dfsg/kthread.c
Examining data/minimap2-2.17+dfsg/kthread.h
Examining data/minimap2-2.17+dfsg/kvec.h
Examining data/minimap2-2.17+dfsg/main.c
Examining data/minimap2-2.17+dfsg/map.c
Examining data/minimap2-2.17+dfsg/minimap.h
Examining data/minimap2-2.17+dfsg/misc.c
Examining data/minimap2-2.17+dfsg/mmpriv.h
Examining data/minimap2-2.17+dfsg/options.c
Examining data/minimap2-2.17+dfsg/pe.c
Examining data/minimap2-2.17+dfsg/python/cmappy.h
Examining data/minimap2-2.17+dfsg/sdust.c
Examining data/minimap2-2.17+dfsg/sdust.h
Examining data/minimap2-2.17+dfsg/sketch.c
Examining data/minimap2-2.17+dfsg/splitidx.c
Examining data/minimap2-2.17+dfsg/sse2neon/emmintrin.h
Examining data/minimap2-2.17+dfsg/ksw2_extd2_sse.c
Examining data/minimap2-2.17+dfsg/ksw2_exts2_sse.c
Examining data/minimap2-2.17+dfsg/ksw2_extz2_sse.c
Examining data/minimap2-2.17+dfsg/ksw2_ll_sse.c

FINAL RESULTS:

data/minimap2-2.17+dfsg/format.c:96:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(rg_line, s);
data/minimap2-2.17+dfsg/index.c:315:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(seq->name, s->seq[i].name);
data/minimap2-2.17+dfsg/index.c:411:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p->name, name[i]);
data/minimap2-2.17+dfsg/splitidx.c:13:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fn, "%s.%.4d.tmp", prefix, mi->index);
data/minimap2-2.17+dfsg/splitidx.c:41:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fn, "%s.%.4d.tmp", prefix, i);
data/minimap2-2.17+dfsg/splitidx.c:79:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fn, "%s.%.4d.tmp", prefix, i);
data/minimap2-2.17+dfsg/align.c:206:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, r->p, sizeof(mm_extra_t));
data/minimap2-2.17+dfsg/align.c:305:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (n_cigar > 1) memcpy(p->cigar + p->n_cigar, cigar + 1, (n_cigar - 1) * 4);
data/minimap2-2.17+dfsg/align.c:308:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p->cigar + p->n_cigar, cigar, n_cigar * 4);
data/minimap2-2.17+dfsg/align.c:859:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_nt4_table[256];
data/minimap2-2.17+dfsg/bseq.c:11:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char seq_comp_table[256] = {
data/minimap2-2.17+dfsg/bseq.c:61:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(t, s->s, s->l + 1);
data/minimap2-2.17+dfsg/bseq.h:28:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_nt4_table[256];
data/minimap2-2.17+dfsg/bseq.h:29:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_comp_table[256];
data/minimap2-2.17+dfsg/chain.c:8:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char LogTable256[256] = {
data/minimap2-2.17+dfsg/chain.c:155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&a[k], &b[w[i].y>>32], n * sizeof(mm128_t));
data/minimap2-2.17+dfsg/chain.c:158:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(u, u2, n_u * 8);
data/minimap2-2.17+dfsg/chain.c:159:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(b, a, k * sizeof(mm128_t)); // write _a_ to _b_ and deallocate _a_ because _a_ is oversized, sometimes a lot
data/minimap2-2.17+dfsg/format.c:9:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char mm_rg_id[256];
data/minimap2-2.17+dfsg/format.c:23:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&s->s[s->l], st, en - st);
data/minimap2-2.17+dfsg/format.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[16]; // for integer to string conversion
data/minimap2-2.17+dfsg/format.c:218:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_nt4_table[256];
data/minimap2-2.17+dfsg/format.c:289:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[16];
data/minimap2-2.17+dfsg/format.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[16];
data/minimap2-2.17+dfsg/format.c:339:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_comp_table[256];
data/minimap2-2.17+dfsg/hit.c:197:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(r, t, sizeof(mm_reg1_t) * n_aux);
data/minimap2-2.17+dfsg/index.c:481:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[4];
data/minimap2-2.17+dfsg/index.c:537:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[4];
data/minimap2-2.17+dfsg/index.c:540:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fd = open(fn, O_RDONLY);
data/minimap2-2.17+dfsg/index.c:568:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  r->fp.idx = fopen(fn, "rb");
data/minimap2-2.17+dfsg/index.c:571:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (fn_out) r->fp_out = fopen(fn_out, "wb");
data/minimap2-2.17+dfsg/index.c:637:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  t.st = atol(q); // TODO: watch out integer overflow!
data/minimap2-2.17+dfsg/index.c:640:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  t.en = atol(q);
data/minimap2-2.17+dfsg/index.c:643:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  t.score = atol(q);
data/minimap2-2.17+dfsg/index.c:648:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  n_blk = atol(q);
data/minimap2-2.17+dfsg/kalloc.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, ap, (*p - 1) * sizeof(header_t));
data/minimap2-2.17+dfsg/kseq.h:135:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(str->s + str->l, ks->buf + ks->begin, i - ks->begin); \
data/minimap2-2.17+dfsg/ksw2_extd2_sse.c:111:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sf, target, tlen);
data/minimap2-2.17+dfsg/ksw2_exts2_sse.c:100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sf, target, tlen);
data/minimap2-2.17+dfsg/ksw2_extz2_sse.c:89:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sf, target, tlen);
data/minimap2-2.17+dfsg/ksw2_ll_sse.c:141:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Hmax, H1, slen * sizeof(__m128i));
data/minimap2-2.17+dfsg/kvec.h:75:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((v1).a, (v0).a, sizeof(type) * (v0).n); \
data/minimap2-2.17+dfsg/main.c:138:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (c == 'w') ipt.w = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:139:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'k') ipt.k = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:143:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 't') n_threads = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:144:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'v') mm_verbose = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:148:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'N') old_best_n = opt.best_n, opt.best_n = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:160:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'T') opt.sdust_thres = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:161:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'n') opt.min_cnt = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:162:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'm') opt.min_chain_score = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:163:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'A') opt.a = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:164:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'B') opt.b = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:165:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 's') opt.min_dp_max = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:166:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 'C') opt.noncan = atoi(o.arg);
data/minimap2-2.17+dfsg/main.c:180:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 300) ipt.bucket_bits = atoi(o.arg); // --bucket-bits
data/minimap2-2.17+dfsg/main.c:181:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 302) opt.seed = atoi(o.arg); // --seed
data/minimap2-2.17+dfsg/main.c:185:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 307) opt.max_chain_skip = atoi(o.arg); // --max-chain-skip
data/minimap2-2.17+dfsg/main.c:186:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 339) opt.max_chain_iter = atoi(o.arg); // --max-chain-iter
data/minimap2-2.17+dfsg/main.c:187:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 308) opt.min_ksw_len = atoi(o.arg); // --min-dp-len
data/minimap2-2.17+dfsg/main.c:192:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 317) opt.end_bonus = atoi(o.arg); // --end-bonus
data/minimap2-2.17+dfsg/main.c:195:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 321) opt.anchor_ext_shift = atoi(o.arg); // --end-seed-pen
data/minimap2-2.17+dfsg/main.c:199:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 328) opt.min_mid_occ = atoi(o.arg); // --min-occ-floor
data/minimap2-2.17+dfsg/main.c:202:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 331) opt.sc_ambi = atoi(o.arg); // --score-N
data/minimap2-2.17+dfsg/map.c:425:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *qseqs[MM_MAX_SEG];
data/minimap2-2.17+dfsg/python/cmappy.h:73:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_comp_table[256];
data/minimap2-2.17+dfsg/python/cmappy.h:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *seq[2];
data/minimap2-2.17+dfsg/python/cmappy.h:102:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&regs[0][_n_regs[0]], regs[1], _n_regs[1] * sizeof(mm_reg1_t));
data/minimap2-2.17+dfsg/python/cmappy.h:146:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s, seq, len);
data/minimap2-2.17+dfsg/sdust.c:24:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char seq_nt4_table[256] = {
data/minimap2-2.17+dfsg/sdust.c:43:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern unsigned char seq_nt4_table[256];
data/minimap2-2.17+dfsg/sdust.c:111:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c, cv, SD_WTOT * sizeof(int));
data/minimap2-2.17+dfsg/sdust.c:192:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (c == 'w') W = atoi(o.arg);
data/minimap2-2.17+dfsg/sdust.c:193:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  else if (c == 't') T = atoi(o.arg);
data/minimap2-2.17+dfsg/sketch.c:9:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char seq_nt4_table[256] = {
data/minimap2-2.17+dfsg/splitidx.c:14:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fp = fopen(fn, "wb")) == NULL) {
data/minimap2-2.17+dfsg/splitidx.c:42:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fp[i] = fopen(fn, "rb")) == 0) {
data/minimap2-2.17+dfsg/bseq.h:34:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(s);
data/minimap2-2.17+dfsg/format.c:55:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_copy(s, r, r + strlen(r));
data/minimap2-2.17+dfsg/format.c:95:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rg_line = (char*)malloc(strlen(s) + 1);
data/minimap2-2.17+dfsg/format.c:246:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t.l_seq = strlen(seq);
data/minimap2-2.17+dfsg/index.c:314:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  seq->name = (char*)kmalloc(p->mi->km, strlen(s->seq[i].name) + 1);
data/minimap2-2.17+dfsg/index.c:395:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sum_len += strlen(seq[i]);
data/minimap2-2.17+dfsg/index.c:410:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p->name = (char*)kmalloc(mi->km, strlen(name[i]) + 1);
data/minimap2-2.17+dfsg/index.c:416:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p->len = strlen(s);
data/minimap2-2.17+dfsg/index.c:448:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint8_t l = strlen(mi->seq[i].name);
data/minimap2-2.17+dfsg/index.c:549:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ret = read(fd, magic, 4);
data/minimap2-2.17+dfsg/python/cmappy.h:80:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = mm_map(mi, strlen(seq1), seq1, n_regs, b, opt, NULL);
data/minimap2-2.17+dfsg/python/cmappy.h:87:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len[0] = strlen(seq1);
data/minimap2-2.17+dfsg/python/cmappy.h:88:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len[1] = strlen(seq2);
data/minimap2-2.17+dfsg/sdust.c:144:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (l_seq < 0) l_seq = strlen((const char*)seq);
data/minimap2-2.17+dfsg/splitidx.c:12:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fn = (char*)calloc(strlen(prefix) + 10, 1);
data/minimap2-2.17+dfsg/splitidx.c:23:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(mi->seq[i].name);
data/minimap2-2.17+dfsg/splitidx.c:39:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fn = CALLOC(char, strlen(prefix) + 10);
data/minimap2-2.17+dfsg/splitidx.c:77:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fn = CALLOC(char, strlen(prefix) + 10);

ANALYSIS SUMMARY:

Hits = 94
Lines analyzed = 10750 in approximately 0.40 seconds (26755 lines/second)
Physical Source Lines of Code (SLOC) = 8655
Hits@level = [0] 135 [1]  18 [2]  70 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+] 229 [1+]  94 [2+]  76 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 26.4587 [1+] 10.8608 [2+] 8.78105 [3+] 0.693241 [4+] 0.693241 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.