Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/plink-1.07+dfsg/genome.cpp
Examining data/plink-1.07+dfsg/genedrop.cpp
Examining data/plink-1.07+dfsg/annot.cpp
Examining data/plink-1.07+dfsg/options.cpp
Examining data/plink-1.07+dfsg/assoc.cpp
Examining data/plink-1.07+dfsg/lookup2.cpp
Examining data/plink-1.07+dfsg/idhelp.h
Examining data/plink-1.07+dfsg/clumpld.cpp
Examining data/plink-1.07+dfsg/whap.h
Examining data/plink-1.07+dfsg/stats.h
Examining data/plink-1.07+dfsg/lookup.cpp
Examining data/plink-1.07+dfsg/metaanal.cpp
Examining data/plink-1.07+dfsg/epi.cpp
Examining data/plink-1.07+dfsg/setscreen.cpp
Examining data/plink-1.07+dfsg/mishap.cpp
Examining data/plink-1.07+dfsg/sets.h
Examining data/plink-1.07+dfsg/haplohelper.cpp
Examining data/plink-1.07+dfsg/cluster.cpp
Examining data/plink-1.07+dfsg/genepi.cpp
Examining data/plink-1.07+dfsg/blox.cpp
Examining data/plink-1.07+dfsg/genogroup.h
Examining data/plink-1.07+dfsg/segment.cpp
Examining data/plink-1.07+dfsg/crandom.cpp
Examining data/plink-1.07+dfsg/plink.h
Examining data/plink-1.07+dfsg/step.cpp
Examining data/plink-1.07+dfsg/pdriver.cpp
Examining data/plink-1.07+dfsg/impute.cpp
Examining data/plink-1.07+dfsg/tdt.cpp
Examining data/plink-1.07+dfsg/webcheck.cpp
Examining data/plink-1.07+dfsg/zed.cpp
Examining data/plink-1.07+dfsg/phase.h
Examining data/plink-1.07+dfsg/sisocks.h
Examining data/plink-1.07+dfsg/profile.cpp
Examining data/plink-1.07+dfsg/linput.cpp
Examining data/plink-1.07+dfsg/tinput.cpp
Examining data/plink-1.07+dfsg/whap.cpp
Examining data/plink-1.07+dfsg/Rconnection.h
Examining data/plink-1.07+dfsg/fisher.cpp
Examining data/plink-1.07+dfsg/nlist.cpp
Examining data/plink-1.07+dfsg/poo.cpp
Examining data/plink-1.07+dfsg/glm.cpp
Examining data/plink-1.07+dfsg/qualscores.cpp
Examining data/plink-1.07+dfsg/Rconnection.cpp
Examining data/plink-1.07+dfsg/gvar.h
Examining data/plink-1.07+dfsg/cnv.cpp
Examining data/plink-1.07+dfsg/stats.cpp
Examining data/plink-1.07+dfsg/haploCC.cpp
Examining data/plink-1.07+dfsg/homozyg.cpp
Examining data/plink-1.07+dfsg/zfstream.h
Examining data/plink-1.07+dfsg/sockets.h
Examining data/plink-1.07+dfsg/metaem.cpp
Examining data/plink-1.07+dfsg/multiple.cpp
Examining data/plink-1.07+dfsg/sharing.cpp
Examining data/plink-1.07+dfsg/haploTDT.cpp
Examining data/plink-1.07+dfsg/r.cpp
Examining data/plink-1.07+dfsg/cfamily.cpp
Examining data/plink-1.07+dfsg/merge.cpp
Examining data/plink-1.07+dfsg/options.h
Examining data/plink-1.07+dfsg/hapglm.cpp
Examining data/plink-1.07+dfsg/helper.h
Examining data/plink-1.07+dfsg/perm.cpp
Examining data/plink-1.07+dfsg/cfamily.h
Examining data/plink-1.07+dfsg/dcdflib.h
Examining data/plink-1.07+dfsg/mds.cpp
Examining data/plink-1.07+dfsg/locus.cpp
Examining data/plink-1.07+dfsg/haplowindow.cpp
Examining data/plink-1.07+dfsg/fisher.h
Examining data/plink-1.07+dfsg/zfstream.cpp
Examining data/plink-1.07+dfsg/clumpld.h
Examining data/plink-1.07+dfsg/bmerge.cpp
Examining data/plink-1.07+dfsg/nonfounderphasing.cpp
Examining data/plink-1.07+dfsg/input.cpp
Examining data/plink-1.07+dfsg/ipmpar.h
Examining data/plink-1.07+dfsg/lapackf.cpp
Examining data/plink-1.07+dfsg/simul.cpp
Examining data/plink-1.07+dfsg/prephap.cpp
Examining data/plink-1.07+dfsg/perm.h
Examining data/plink-1.07+dfsg/informative.cpp
Examining data/plink-1.07+dfsg/linear.h
Examining data/plink-1.07+dfsg/cnvqt.cpp
Examining data/plink-1.07+dfsg/plink.cpp
Examining data/plink-1.07+dfsg/dfam.cpp
Examining data/plink-1.07+dfsg/filters.cpp
Examining data/plink-1.07+dfsg/output.cpp
Examining data/plink-1.07+dfsg/legacy.cpp
Examining data/plink-1.07+dfsg/config.h
Examining data/plink-1.07+dfsg/cdflib.h
Examining data/plink-1.07+dfsg/linear.cpp
Examining data/plink-1.07+dfsg/haploQTL.cpp
Examining data/plink-1.07+dfsg/hotel.cpp
Examining data/plink-1.07+dfsg/lapackf.h
Examining data/plink-1.07+dfsg/model.h
Examining data/plink-1.07+dfsg/qfam.cpp
Examining data/plink-1.07+dfsg/phase.cpp
Examining data/plink-1.07+dfsg/nlist.h
Examining data/plink-1.07+dfsg/flip.cpp
Examining data/plink-1.07+dfsg/tag.cpp
Examining data/plink-1.07+dfsg/zed.h
Examining data/plink-1.07+dfsg/proxy.cpp
Examining data/plink-1.07+dfsg/haplowindow.h
Examining data/plink-1.07+dfsg/sockets.cpp
Examining data/plink-1.07+dfsg/genoerr.cpp
Examining data/plink-1.07+dfsg/genogroup.cpp
Examining data/plink-1.07+dfsg/dcdflib.cpp
Examining data/plink-1.07+dfsg/helper.cpp
Examining data/plink-1.07+dfsg/logistic.h
Examining data/plink-1.07+dfsg/gxe.cpp
Examining data/plink-1.07+dfsg/mh.cpp
Examining data/plink-1.07+dfsg/em.cpp
Examining data/plink-1.07+dfsg/trio.cpp
Examining data/plink-1.07+dfsg/parse.cpp
Examining data/plink-1.07+dfsg/cnv.h
Examining data/plink-1.07+dfsg/multi.cpp
Examining data/plink-1.07+dfsg/greport.cpp
Examining data/plink-1.07+dfsg/logistic.cpp
Examining data/plink-1.07+dfsg/crandom.h
Examining data/plink-1.07+dfsg/Rsrv.h
Examining data/plink-1.07+dfsg/elf.cpp
Examining data/plink-1.07+dfsg/idhelp.cpp
Examining data/plink-1.07+dfsg/dosage.cpp
Examining data/plink-1.07+dfsg/gvar.cpp
Examining data/plink-1.07+dfsg/model.cpp
Examining data/plink-1.07+dfsg/binput.cpp
Examining data/plink-1.07+dfsg/sets.cpp
FINAL RESULTS:
data/plink-1.07+dfsg/Rconnection.cpp:116:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data+4,txt);
data/plink-1.07+dfsg/Rconnection.cpp:558:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this->host, host);
data/plink-1.07+dfsg/Rconnection.cpp:586:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sau.sun_path,host); // FIXME: possible overflow!
data/plink-1.07+dfsg/Rconnection.cpp:701:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cm->data+4, symbol);
data/plink-1.07+dfsg/Rconnection.cpp:831:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(authbuf, user); c=authbuf+strlen(user);
data/plink-1.07+dfsg/Rconnection.cpp:833:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,pwd);
data/plink-1.07+dfsg/Rconnection.cpp:836:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,crypt(pwd,salt));
data/plink-1.07+dfsg/Rconnection.cpp:836:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strcpy(c,crypt(pwd,salt));
data/plink-1.07+dfsg/sisocks.h:73:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *buf, int len, char *fmt, ...)
data/plink-1.07+dfsg/sisocks.h:79:10: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
cnt = vsprintf(buf, fmt, argptr);
data/plink-1.07+dfsg/sisocks.h:85:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int snprintf(char *buf, int len, char *fmt, ...);
data/plink-1.07+dfsg/crandom.cpp:40:15: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void CRandom::srand ( long unsigned i )
data/plink-1.07+dfsg/crandom.h:42:17: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static void srand(long unsigned iseed = 0);
data/plink-1.07+dfsg/plink.cpp:119:14: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
CRandom::srand(time(0));
data/plink-1.07+dfsg/plink.cpp:121:14: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
CRandom::srand( par::random_seed );
data/plink-1.07+dfsg/zfstream.cpp:402:11: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/plink-1.07+dfsg/zfstream.cpp:413:11: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/plink-1.07+dfsg/zfstream.cpp:423:11: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/plink-1.07+dfsg/zfstream.cpp:457:11: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/plink-1.07+dfsg/zfstream.cpp:468:11: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/plink-1.07+dfsg/zfstream.cpp:478:11: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
this->setstate(std::ios_base::failbit);
data/plink-1.07+dfsg/Rconnection.cpp:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, (raw_data)?buf:((char*)buf+4), dlen);
data/plink-1.07+dfsg/Rconnection.cpp:160:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sb[256];
data/plink-1.07+dfsg/Rconnection.cpp:264:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->data, data, len);
data/plink-1.07+dfsg/Rconnection.cpp:334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+hl, data, len);
data/plink-1.07+dfsg/Rconnection.cpp:577:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IDstring[33];
data/plink-1.07+dfsg/Rconnection.cpp:780:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (msg->len > 0) memcpy(buf, msg->data, msg->len);
data/plink-1.07+dfsg/Rconnection.h:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[2];
data/plink-1.07+dfsg/Rsrv.h:342:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned int itop(unsigned int i) { char b[4]; b[0]=((char*)&i)[3]; b[3]=((char*)&i)[0]; b[1]=((char*)&i)[2]; b[2]=((char*)&i)[1]; return *((unsigned int*)b); }
data/plink-1.07+dfsg/Rsrv.h:343:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
double dtop(double i) { char b[8]; b[0]=((char*)&i)[7]; b[1]=((char*)&i)[6]; b[2]=((char*)&i)[5]; b[3]=((char*)&i)[4]; b[7]=((char*)&i)[0]; b[6]=((char*)&i)[1]; b[5]=((char*)&i)[2]; b[4]=((char*)&i)[3]; return *((double*)b); }
data/plink-1.07+dfsg/assoc.cpp:199:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
haplo->HTEST.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/assoc.cpp:258:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
haplo->HTEST.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/assoc.cpp:651:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:770:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:845:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:1227:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:1741:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:1758:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QT_MEANS.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:2142:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MIS.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/assoc.cpp:2297:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LD.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/binput.cpp:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/binput.cpp:342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/binput.cpp:375:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/binput.cpp:417:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BIT.open(s.c_str(), ios::in | ios::binary);
data/plink-1.07+dfsg/binput.cpp:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/binput.cpp:466:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BIT.open(s.c_str(), ios::in | ios::binary);
data/plink-1.07+dfsg/binput.cpp:482:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BIT.open(s.c_str(), ios::in | ios::binary);
data/plink-1.07+dfsg/bmerge.cpp:320:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MSNP.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/bmerge.cpp:467:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MERD.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/bmerge.cpp:489:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FAM.open(par::merge_famfile.c_str());
data/plink-1.07+dfsg/bmerge.cpp:722:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/clumpld.cpp:104:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/clumpld.cpp:160:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/clumpld.cpp:266:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CLMP.open( (par::output_file_name + ".clumped").c_str() , ios::out);
data/plink-1.07+dfsg/clumpld.cpp:278:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CLMP2.open( (par::output_file_name + ".clumped.ranges").c_str() , ios::out);
data/plink-1.07+dfsg/clumpld.cpp:292:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BEST.open( (par::output_file_name + ".clumped.best").c_str() , ios::out);
data/plink-1.07+dfsg/cluster.cpp:1104:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CLST.open((par::output_file_name+".cluster1").c_str(),ios::out);
data/plink-1.07+dfsg/cluster.cpp:1129:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CLST.open((par::output_file_name+".cluster2").c_str(),ios::out);
data/plink-1.07+dfsg/cluster.cpp:1153:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CLST.open((par::output_file_name+".cluster3").c_str(),ios::out);
data/plink-1.07+dfsg/cluster.cpp:1159:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CLST.open((par::output_file_name+".cluster3.missing").c_str(),ios::out);
data/plink-1.07+dfsg/cluster.cpp:1595:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
INC.open(par::ibd_file.c_str());
data/plink-1.07+dfsg/cluster.cpp:1720:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GOUT0.open( (par::output_file_name + ".plst").c_str(), ios::out);
data/plink-1.07+dfsg/cluster.cpp:1724:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GOUT1.open( (par::output_file_name + ".clst").c_str(), ios::out);
data/plink-1.07+dfsg/cluster.cpp:1748:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GOUT.open( (par::output_file_name + ".genome").c_str(), ios::out);
data/plink-1.07+dfsg/cnv.cpp:210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/cnv.cpp:293:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
O2.open( (par::output_file_name+".notfound").c_str() , ios::out);
data/plink-1.07+dfsg/cnv.cpp:379:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
IN.open( par::cnv_listname.c_str() , ios::in );
data/plink-1.07+dfsg/cnv.cpp:662:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ROUT.open( ( par::output_file_name+".reg").c_str(), ios::out );
data/plink-1.07+dfsg/cnv.cpp:1326:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MOUT.open( ( par::output_file_name + ".cnv").c_str() , ios::out );
data/plink-1.07+dfsg/cnv.cpp:1374:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MOUT.open( ( par::output_file_name + ".fam").c_str() , ios::out );
data/plink-1.07+dfsg/cnv.cpp:1412:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MOUT.open( ( par::output_file_name + ".cnv.map").c_str() , ios::out );
data/plink-1.07+dfsg/cnv.cpp:1956:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIBS.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/cnv.cpp:2296:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUTF.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/cnv.cpp:2358:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FOUT.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/cnvqt.cpp:146:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FOUT.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/cnvqt.cpp:206:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FOUT.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/dcdflib.cpp:1443:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:1600:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T4 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:1648:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:1684:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T14 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:1715:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:1808:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:1972:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2008:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2041:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2083:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:2169:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:2294:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2334:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2369:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:2465:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:2553:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2584:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2614:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2641:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:2734:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:2855:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2891:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2927:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T14 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:2958:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:3064:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:3162:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3193:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3224:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T13 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3254:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T16 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3281:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:3380:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:3530:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T7 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3580:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:3682:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:3840:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3875:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3908:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:3951:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:4236:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:4346:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:4381:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:4412:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dcdflib.cpp:4491:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/plink-1.07+dfsg/dcdflib.cpp:4594:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:4630:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/plink-1.07+dfsg/dcdflib.cpp:4661:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/plink-1.07+dfsg/dfam.cpp:47:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/dosage.cpp:176:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip0 = atoi( dosage_opt->getValue("skip0").c_str() );
data/plink-1.07+dfsg/dosage.cpp:178:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip1 = atoi( dosage_opt->getValue("skip1").c_str() );
data/plink-1.07+dfsg/dosage.cpp:180:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip2 = atoi( dosage_opt->getValue("skip2").c_str() );
data/plink-1.07+dfsg/dosage.cpp:389:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
detout.open( par::output_file_name + ".dosage.det" , false );
data/plink-1.07+dfsg/dosage.cpp:1364:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Q1.open( par::score_qrange_file.c_str() , ios::in );
data/plink-1.07+dfsg/elf.cpp:590:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/elf.cpp:664:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/elf.cpp:834:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SDET_SNP.open( ( par::output_file_name+".elf.det."
data/plink-1.07+dfsg/elf.cpp:836:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SDET_IND.open( ( par::output_file_name+".elf.det."
data/plink-1.07+dfsg/elf.cpp:883:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
IN.open( par::rare_test_score_results_file.c_str() );
data/plink-1.07+dfsg/elf.cpp:974:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SUM.open( ( par::output_file_name + ".elf.summary").c_str() , ios::out );
data/plink-1.07+dfsg/elf.cpp:1088:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ELF.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/epi.cpp:68:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EPI.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/epi.cpp:683:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EPI.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/filters.cpp:197:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
REM.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/filters.cpp:244:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FRQ.open(par::af_file.c_str());
data/plink-1.07+dfsg/filters.cpp:590:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
REM.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/filters.cpp:610:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
NOF.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/filters.cpp:642:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FRQ.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/filters.cpp:714:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HWD.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/filters.cpp:1051:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MIS.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/filters.cpp:1123:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MIS.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/flip.cpp:201:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUT1.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/flip.cpp:223:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUT1V.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/genepi.cpp:328:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SET1.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/genepi.cpp:332:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SET2.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/genepi.cpp:402:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EPI.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/genepi.cpp:448:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EPI.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/genepi.cpp:981:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EPI.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/genome.cpp:54:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FRQ.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/genome.cpp:337:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HET.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/genome.cpp:363:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FST.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/genome.cpp:1016:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ZOUTFILE.open( f , par::compress_genome );
data/plink-1.07+dfsg/glm.cpp:99:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/greport.cpp:38:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GREP.open( (par::output_file_name + ".range.report").c_str() , ios::out);
data/plink-1.07+dfsg/greport.cpp:56:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RESIN.open( par::greport_results.c_str() , ios::in );
data/plink-1.07+dfsg/greport.cpp:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/greport.cpp:134:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/gvar.cpp:592:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GOUT.open( ( par::output_file_name
data/plink-1.07+dfsg/gvar.cpp:604:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GVERB.open((par::output_file_name+".assoc.gvar").c_str(),ios::out);
data/plink-1.07+dfsg/gxe.cpp:106:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/haplohelper.cpp:154:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HFRQ.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/haplohelper.cpp:1158:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HFRQ.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/helper.cpp:324:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y.push_back( atoi( v[i].c_str() ) );
data/plink-1.07+dfsg/helper.cpp:1157:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inp.open(f.c_str(), ifstream::in);
data/plink-1.07+dfsg/helper.cpp:1182:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inp.open(f.c_str(), ifstream::in);
data/plink-1.07+dfsg/helper.cpp:1206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/helper.cpp:1229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/helper.cpp:3042:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/helper.cpp:3534:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PPHE.open( ( par::output_file_name + ".pphe").c_str() , ios::out );
data/plink-1.07+dfsg/helper.cpp:3709:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
O2.open( (par::output_file_name+".notfound").c_str() , ios::out);
data/plink-1.07+dfsg/homozyg.cpp:270:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HOM.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/homozyg.cpp:338:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SEG.open(par::read_segment_filename.c_str(),ios::in);
data/plink-1.07+dfsg/homozyg.cpp:973:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HOM.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/homozyg.cpp:2483:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUT.open( (par::output_file_name+".cnv.grp.summary").c_str(), ios::out);
data/plink-1.07+dfsg/homozyg.cpp:2880:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PHOM.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/hotel.cpp:159:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/hotel.cpp:207:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/idhelp.cpp:1935:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
I1.open( (par::idhelp_match_string[s]).c_str() , ios::in );
data/plink-1.07+dfsg/informative.cpp:48:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
INC.open(par::ibd_file.c_str(), ios::in);
data/plink-1.07+dfsg/input.cpp:594:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
AMB.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/input.cpp:706:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SET.open(par::setfile.c_str());
data/plink-1.07+dfsg/input.cpp:803:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/input.cpp:910:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/input.cpp:946:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/input.cpp:1242:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/input.cpp:1353:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[par::MAX_LINE_LENGTH];
data/plink-1.07+dfsg/input.cpp:1991:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MAP.open( filename.c_str());
data/plink-1.07+dfsg/input.cpp:2001:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[256];
data/plink-1.07+dfsg/input.cpp:2046:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = (long int)atoi(tokens[2].c_str());
data/plink-1.07+dfsg/input.cpp:2051:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = (long int)atoi(tokens[3].c_str());
data/plink-1.07+dfsg/input.cpp:2281:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PED.open(filename.c_str());
data/plink-1.07+dfsg/input.cpp:2452:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
AMB.open(f.c_str(), ifstream::out);
data/plink-1.07+dfsg/input.cpp:2583:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MAPIN.open( par::update_mapfile.c_str(), ios::in );
data/plink-1.07+dfsg/input.cpp:2701:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MAPIN.open( par::update_allele_file.c_str(), ios::in );
data/plink-1.07+dfsg/input.cpp:2807:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FAM_ID.open( par::update_ids_file.c_str(), ios::in );
data/plink-1.07+dfsg/input.cpp:2844:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FAM_SEX.open( par::update_sex_file.c_str(), ios::in );
data/plink-1.07+dfsg/input.cpp:2887:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FAM_PAR.open( par::update_parents_file.c_str(), ios::in );
data/plink-1.07+dfsg/input.cpp:2923:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FAM_PHE.open( par::update_pheno_file.c_str(), ios::in );
data/plink-1.07+dfsg/legacy.cpp:571:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PLO.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/lookup.cpp:200:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUT.open( f.c_str(), ios::out );
data/plink-1.07+dfsg/lookup.cpp:271:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUT.open( f.c_str(), ios::out );
data/plink-1.07+dfsg/merge.cpp:57:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[5000] = "";
data/plink-1.07+dfsg/merge.cpp:188:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[256] = "";
data/plink-1.07+dfsg/merge.cpp:214:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = (long int)atoi(tokens[2].c_str());
data/plink-1.07+dfsg/merge.cpp:219:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = (long int)atoi(tokens[3].c_str());
data/plink-1.07+dfsg/merge.cpp:452:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MERD.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/merge.cpp:469:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PED = fopen(par::merge_pedfile.c_str(),"r");
data/plink-1.07+dfsg/merge.cpp:764:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MSNP.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/mh.cpp:72:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MHOUT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/mh.cpp:232:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MHOUT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/mh.cpp:858:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MHOUT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/mishap.cpp:41:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
haplo->HTEST.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/multiple.cpp:223:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/output.cpp:80:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PLO.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/output.cpp:1626:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
AMAP.open(f.c_str(), ios::in);
data/plink-1.07+dfsg/output.cpp:1997:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BIT.open((par::output_file_name+".bim").c_str(), ios::out);
data/plink-1.07+dfsg/output.cpp:2029:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BIT.open((par::output_file_name+".bed").c_str(), ios::out | ios::binary);
data/plink-1.07+dfsg/output.cpp:2037:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/output.cpp:2101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/output.cpp:2149:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[1];
data/plink-1.07+dfsg/pdriver.cpp:63:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
haplo->HTEST.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/pdriver.cpp:68:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OUTFILE.open(f2.c_str(),ios::out);
data/plink-1.07+dfsg/pdriver.cpp:163:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PLIST.open(par::proxy_all_list_file.c_str(), ios::in);
data/plink-1.07+dfsg/perm.cpp:49:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PDUMP.open((par::output_file_name+".mperm.dump.all").c_str(),ios::out);
data/plink-1.07+dfsg/perm.cpp:53:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PDUMP.open((par::output_file_name+".mperm.dump.best").c_str(),ios::out);
data/plink-1.07+dfsg/phase.cpp:155:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
VPHASE.open("phased.verbose",ios::out);
data/plink-1.07+dfsg/plink.cpp:94:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LOG.open(string(par::output_file_name + ".log").c_str());
data/plink-1.07+dfsg/plink.cpp:888:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
P.haplo->HIMPUTE.open((par::output_file_name+".phased.out").c_str(), ios::out);
data/plink-1.07+dfsg/plink.cpp:1267:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HET.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/plink.cpp:1312:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RUN.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/plink.cpp:1703:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
P.haplo->HTEST.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/plink.cpp:1720:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
P.haplo->HTEST.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/plink.cpp:1737:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
P.haplo->HTEST.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/plink.cpp:1917:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SEG.open(par::read_segment_filename.c_str(),ios::in);
data/plink-1.07+dfsg/plink.cpp:2043:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SEG.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/plink.cpp:2086:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MP.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/plink.cpp:2096:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GMULTI.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/poo.cpp:135:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/poo.cpp:181:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/poo.cpp:246:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/prephap.cpp:97:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[500000];
data/plink-1.07+dfsg/prephap.cpp:348:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (P.locus[locusList[ck]]->chr != atoi(tokens[1].c_str()))
data/plink-1.07+dfsg/prephap.cpp:390:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = atoi(tokens[3].c_str());
data/plink-1.07+dfsg/prephap.cpp:449:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = atoi(tokens[3].c_str());
data/plink-1.07+dfsg/profile.cpp:81:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Q1.open( par::score_qrange_file.c_str() , ios::in );
data/plink-1.07+dfsg/profile.cpp:128:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PROFIN.open( par::score_risk_file.c_str(), ios::in );
data/plink-1.07+dfsg/profile.cpp:229:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
O1.open( (par::output_file_name + suffix + ".nopred").c_str() , ios::out );
data/plink-1.07+dfsg/profile.cpp:265:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PROFOUT.open( f.c_str(), ios::out );
data/plink-1.07+dfsg/profile.cpp:358:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PROFOUT.open( f.c_str(), ios::out );
data/plink-1.07+dfsg/profile.cpp:385:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PROFOUT.open( f.c_str(), ios::out );
data/plink-1.07+dfsg/qfam.cpp:372:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open((par::output_file_name+f).c_str(),ios::out);
data/plink-1.07+dfsg/r.cpp:73:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ROUT.open((par::output_file_name+".auto.R").c_str(), ios::out);
data/plink-1.07+dfsg/r.cpp:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/plink-1.07+dfsg/r.cpp:99:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RSCRIPT.open((par::output_file_name+".debug.R").c_str(), ios::out);
data/plink-1.07+dfsg/segment.cpp:229:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SEGS.open( (par::output_file_name+".segtest1.mperm").c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:262:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SEGS.open( (par::output_file_name+".segtest1").c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:857:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIBS.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:1087:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIBS.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:1115:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIBS.open(f.c_str(), ios::out);
data/plink-1.07+dfsg/segment.cpp:1293:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIBS.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:1438:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SSEG.open( f.c_str() , ios::app );
data/plink-1.07+dfsg/segment.cpp:1440:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SSEG.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:1808:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HOM.open( f.c_str() , ios::out );
data/plink-1.07+dfsg/segment.cpp:1967:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SEG.open( f.c_str(), ios::out );
data/plink-1.07+dfsg/segment.cpp:2353:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MOUT.open( ( par::output_file_name + ".cnv.bed").c_str() , ios::out );
data/plink-1.07+dfsg/sets.cpp:170:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SET1.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/sets.cpp:174:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SET2.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/sets.cpp:365:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SOUT.open( ( par::output_file_name + ".ldset").c_str() , ios::out);
data/plink-1.07+dfsg/setscreen.cpp:60:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SSUM.open( (par::output_file_name + ".set.summary").c_str() , ios::out);
data/plink-1.07+dfsg/setscreen.cpp:70:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RESIN.open( par::set_screen_resultfile.c_str() , ios::in );
data/plink-1.07+dfsg/setscreen.cpp:179:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SVERB.open( (par::output_file_name+".set.summary.verbose").c_str(), ios::out );
data/plink-1.07+dfsg/sharing.cpp:89:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASC.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/simul.cpp:537:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIM.open( par::simul_file.c_str(), ios::in );
data/plink-1.07+dfsg/simul.cpp:1044:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SIM.open( par::simul_file.c_str(), ios::in );
data/plink-1.07+dfsg/sisocks.h:145:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(buf,"unknown socket error %d",sockerrno);
data/plink-1.07+dfsg/sockets.cpp:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[BUF_SIZE+1]; // Output buffer for GET request
data/plink-1.07+dfsg/sockets.cpp:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_buf[BUF_SIZE+1]; // Input buffer for response
data/plink-1.07+dfsg/sockets.cpp:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char echoBuffer[BUF_SIZE + 1]; // Buffer for echo string + \0
data/plink-1.07+dfsg/tag.cpp:125:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
O2.open( ( par::output_file_name + ".tags.list").c_str() , ios::out );
data/plink-1.07+dfsg/tag.cpp:271:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
O1.open( (par::output_file_name+".tags").c_str(), ios::out);
data/plink-1.07+dfsg/tdt.cpp:296:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/tdt.cpp:345:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/tdt.cpp:398:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/tdt.cpp:467:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDT.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/tdt.cpp:496:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MT.open( (par::output_file_name + ".mt").c_str(), ios::out);
data/plink-1.07+dfsg/tinput.cpp:100:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loc->bp = (long int)atoi(bp.c_str());
data/plink-1.07+dfsg/trio.cpp:433:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MEN.open(f.c_str(),ios::out);
data/plink-1.07+dfsg/trio.cpp:434:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MENL.open(fl.c_str(),ios::out);
data/plink-1.07+dfsg/trio.cpp:435:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MENI.open(fi.c_str(),ios::out);
data/plink-1.07+dfsg/trio.cpp:436:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MENF.open(ff.c_str(),ios::out);
data/plink-1.07+dfsg/trio.cpp:1036:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
POUT.open( (par::output_file_name+".tucc.ped").c_str(), ios::out);
data/plink-1.07+dfsg/webcheck.cpp:78:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
VER.open(".pversion",ios::in);
data/plink-1.07+dfsg/webcheck.cpp:214:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
VER.open(".pversion",ios::out);
data/plink-1.07+dfsg/whap.cpp:109:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CH.open((par::output_file_name+".chap").c_str(),ios::out);
data/plink-1.07+dfsg/zed.cpp:26:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(f,cmode);
data/plink-1.07+dfsg/zed.cpp:35:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void ZInput::open(string f, bool cmode)
data/plink-1.07+dfsg/zed.cpp:49:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zinf.open( filename.c_str() );
data/plink-1.07+dfsg/zed.cpp:55:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf.open( filename.c_str() );
data/plink-1.07+dfsg/zed.cpp:130:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void ZOutput::open(string f, bool cmode)
data/plink-1.07+dfsg/zed.cpp:145:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zoutf.open( filename.c_str() );
data/plink-1.07+dfsg/zed.cpp:153:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outf.open( filename.c_str() );
data/plink-1.07+dfsg/zed.cpp:163:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(f,cmode);
data/plink-1.07+dfsg/zed.h:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_LINE_LENGTH];
data/plink-1.07+dfsg/zed.h:36:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(string, bool);
data/plink-1.07+dfsg/zed.h:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_LINE_LENGTH];
data/plink-1.07+dfsg/zed.h:62:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(string,bool);
data/plink-1.07+dfsg/zfstream.cpp:51:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzfilebuf::open(const char *name,
data/plink-1.07+dfsg/zfstream.cpp:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_mode[6] = "\0\0\0\0\0";
data/plink-1.07+dfsg/zfstream.cpp:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_mode[6] = "\0\0\0\0\0";
data/plink-1.07+dfsg/zfstream.cpp:384:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(name, mode);
data/plink-1.07+dfsg/zfstream.cpp:398:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzifstream::open(const char* name,
data/plink-1.07+dfsg/zfstream.cpp:401:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sb.open(name, mode | std::ios_base::in))
data/plink-1.07+dfsg/zfstream.cpp:439:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(name, mode);
data/plink-1.07+dfsg/zfstream.cpp:453:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzofstream::open(const char* name,
data/plink-1.07+dfsg/zfstream.cpp:456:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sb.open(name, mode | std::ios_base::out))
data/plink-1.07+dfsg/zfstream.h:66:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(const char* name,
data/plink-1.07+dfsg/zfstream.h:285:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(const char* name,
data/plink-1.07+dfsg/zfstream.h:374:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(const char* name,
data/plink-1.07+dfsg/Rconnection.cpp:107:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tl=strlen(txt)+1;
data/plink-1.07+dfsg/Rconnection.cpp:148:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Rmessage::read(int s) {
data/plink-1.07+dfsg/Rconnection.cpp:557:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
this->host=(char*)malloc(strlen(host)+1);
data/plink-1.07+dfsg/Rconnection.cpp:665:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return msg->read(s);
data/plink-1.07+dfsg/Rconnection.cpp:674:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return targetMsg->read(s);
data/plink-1.07+dfsg/Rconnection.cpp:692:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tl=strlen(symbol)+1;
data/plink-1.07+dfsg/Rconnection.cpp:830:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authbuf=(char*) malloc(strlen(user)+strlen(pwd)+22);
data/plink-1.07+dfsg/Rconnection.cpp:830:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authbuf=(char*) malloc(strlen(user)+strlen(pwd)+22);
data/plink-1.07+dfsg/Rconnection.cpp:831:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(authbuf, user); c=authbuf+strlen(user);
data/plink-1.07+dfsg/Rconnection.h:93:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(int s);
data/plink-1.07+dfsg/Rconnection.h:265:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Rstring(const char *str) : Rexp(XT_STR, str, strlen(str)+1) {}
data/plink-1.07+dfsg/binput.cpp:287:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/binput.cpp:343:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/binput.cpp:376:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/binput.cpp:424:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/binput.cpp:438:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/binput.cpp:444:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/binput.cpp:467:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/bmerge.cpp:723:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BIT.read(ch,1);
data/plink-1.07+dfsg/gvar.cpp:174:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(GV) != '\n' && !feof(GV)) {}
data/plink-1.07+dfsg/helper.cpp:750:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(fp);
data/plink-1.07+dfsg/homozyg.cpp:396:15: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((double)mismatch/(double)(finish-start+1) > 1-par::fuzzy_homo ) return false;
data/plink-1.07+dfsg/homozyg.cpp:588:15: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((double)mismatch/(double)(finish-start+1) > 1-par::fuzzy_homo ) return false;
data/plink-1.07+dfsg/input.cpp:126:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(PED) != '\n' && !feof(PED)) {}
data/plink-1.07+dfsg/input.cpp:292:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(PED);
data/plink-1.07+dfsg/input.cpp:337:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(PED);
data/plink-1.07+dfsg/merge.cpp:494:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(PED) != '\n' && !feof(PED)) {}
data/plink-1.07+dfsg/merge.cpp:636:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(PED);
data/plink-1.07+dfsg/merge.cpp:666:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(PED);
data/plink-1.07+dfsg/merge.cpp:999:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch)
data/plink-1.07+dfsg/merge.cpp:1069:15: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ( ! mismatch )
data/plink-1.07+dfsg/merge.cpp:1073:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch)
data/plink-1.07+dfsg/sisocks.h:128:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EBADF: strncpy(buf,"bad descriptor",blen); break;
data/plink-1.07+dfsg/sisocks.h:129:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EINVAL: strncpy(buf,"already in use",blen); break;
data/plink-1.07+dfsg/sisocks.h:130:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EACCES: strncpy(buf,"access denied",blen); break;
data/plink-1.07+dfsg/sisocks.h:131:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case ENOTSOCK: strncpy(buf,"descriptor is not a socket",blen); break;
data/plink-1.07+dfsg/sisocks.h:132:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EOPNOTSUPP: strncpy(buf,"operation not supported",blen); break;
data/plink-1.07+dfsg/sisocks.h:133:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EFAULT: strncpy(buf,"fault",blen); break;
data/plink-1.07+dfsg/sisocks.h:134:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EWOULDBLOCK: strncpy(buf,"operation would block",blen); break;
data/plink-1.07+dfsg/sisocks.h:135:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EISCONN: strncpy(buf,"is already connected",blen); break;
data/plink-1.07+dfsg/sisocks.h:136:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case ECONNREFUSED: strncpy(buf,"connection refused",blen); break;
data/plink-1.07+dfsg/sisocks.h:137:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case ETIMEDOUT: strncpy(buf,"operation timed out",blen); break;
data/plink-1.07+dfsg/sisocks.h:138:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case ENETUNREACH: strncpy(buf,"network is unreachable",blen); break;
data/plink-1.07+dfsg/sisocks.h:139:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EADDRINUSE: strncpy(buf,"address already in use",blen); break;
data/plink-1.07+dfsg/sisocks.h:140:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EINPROGRESS: strncpy(buf,"in progress",blen); break;
data/plink-1.07+dfsg/sisocks.h:141:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
case EALREADY: strncpy(buf,"previous connect request not completed yet",blen); break;
data/plink-1.07+dfsg/tinput.cpp:95:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(MAP) != '\n' && !feof(MAP)) {}
data/plink-1.07+dfsg/tinput.cpp:349:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(PED) != '\n' && !feof(PED)) {}
data/plink-1.07+dfsg/tinput.cpp:357:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(PED) != '\n' && !feof(PED)) {}
data/plink-1.07+dfsg/tinput.cpp:389:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(PED);
data/plink-1.07+dfsg/tinput.cpp:419:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(PED);
data/plink-1.07+dfsg/zfstream.cpp:146:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c_mode, "w");
data/plink-1.07+dfsg/zfstream.cpp:148:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c_mode, "a");
data/plink-1.07+dfsg/zfstream.cpp:150:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c_mode, "w");
data/plink-1.07+dfsg/zfstream.cpp:152:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c_mode, "r");
data/plink-1.07+dfsg/zfstream.cpp:160:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c_mode) == 0)
data/plink-1.07+dfsg/zfstream.cpp:163:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(c_mode, "b");
ANALYSIS SUMMARY:
Hits = 379
Lines analyzed = 102677 in approximately 2.55 seconds (40192 lines/second)
Physical Source Lines of Code (SLOC) = 63766
Hits@level = [0] 38 [1] 57 [2] 301 [3] 10 [4] 11 [5] 0
Hits@level+ = [0+] 417 [1+] 379 [2+] 322 [3+] 21 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 6.53954 [1+] 5.94361 [2+] 5.04971 [3+] 0.329329 [4+] 0.172506 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.