Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-genabel-1.8-0/src/ctest.h
Examining data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp
Examining data/r-cran-genabel-1.8-0/src/gwaa_data.cpp
Examining data/r-cran-genabel-1.8-0/src/AbstractMatrix_R.cpp
Examining data/r-cran-genabel-1.8-0/src/merge.snp.data.cpp
Examining data/r-cran-genabel-1.8-0/src/dometa.h
Examining data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp
Examining data/r-cran-genabel-1.8-0/src/Chip.cpp
Examining data/r-cran-genabel-1.8-0/src/chinv2.cpp
Examining data/r-cran-genabel-1.8-0/src/AbstractMatrix.cpp
Examining data/r-cran-genabel-1.8-0/src/survS.h
Examining data/r-cran-genabel-1.8-0/src/survproto.h
Examining data/r-cran-genabel-1.8-0/src/Transposer.h
Examining data/r-cran-genabel-1.8-0/src/FileVector.cpp
Examining data/r-cran-genabel-1.8-0/src/fexact.c
Examining data/r-cran-genabel-1.8-0/src/mematriR.h
Examining data/r-cran-genabel-1.8-0/src/ReusableFileHandle.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp
Examining data/r-cran-genabel-1.8-0/src/gwaautil.cpp
Examining data/r-cran-genabel-1.8-0/src/frutil.cpp
Examining data/r-cran-genabel-1.8-0/src/dautil.cpp
Examining data/r-cran-genabel-1.8-0/src/convert.snp.affymetrix.cpp
Examining data/r-cran-genabel-1.8-0/src/Rstuff.h
Examining data/r-cran-genabel-1.8-0/src/lm_gwaa.cpp
Examining data/r-cran-genabel-1.8-0/src/Chip.h
Examining data/r-cran-genabel-1.8-0/src/frversion.h
Examining data/r-cran-genabel-1.8-0/src/frutil.h
Examining data/r-cran-genabel-1.8-0/src/coxfit2.cpp
Examining data/r-cran-genabel-1.8-0/src/FileVector.h
Examining data/r-cran-genabel-1.8-0/src/Logger.h
Examining data/r-cran-genabel-1.8-0/src/mematrix.h
Examining data/r-cran-genabel-1.8-0/src/chsolve2.cpp
Examining data/r-cran-genabel-1.8-0/src/CastUtils.cpp
Examining data/r-cran-genabel-1.8-0/src/interactions_rare_recesive_alleles.cpp
Examining data/r-cran-genabel-1.8-0/src/reg1.h
Examining data/r-cran-genabel-1.8-0/src/dometa.cpp
Examining data/r-cran-genabel-1.8-0/src/gtps_container.cpp
Examining data/r-cran-genabel-1.8-0/src/dautil.h
Examining data/r-cran-genabel-1.8-0/src/ReusableFileHandle.h
Examining data/r-cran-genabel-1.8-0/src/FilteredMatrix.cpp
Examining data/r-cran-genabel-1.8-0/src/FilteredMatrix_R.cpp
Examining data/r-cran-genabel-1.8-0/src/dmatrix.cpp
Examining data/r-cran-genabel-1.8-0/src/mematri1.h
Examining data/r-cran-genabel-1.8-0/src/gwaa_cpp.h
Examining data/r-cran-genabel-1.8-0/src/iterator.cpp
Examining data/r-cran-genabel-1.8-0/src/const.h
Examining data/r-cran-genabel-1.8-0/src/interactions_rare_recesive_alleles.h
Examining data/r-cran-genabel-1.8-0/src/gwaa.c
Examining data/r-cran-genabel-1.8-0/src/iterator_functions.h
Examining data/r-cran-genabel-1.8-0/src/AbstractMatrix.h
Examining data/r-cran-genabel-1.8-0/src/CastUtils.h
Examining data/r-cran-genabel-1.8-0/src/reg1data.h
Examining data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.h
Examining data/r-cran-genabel-1.8-0/src/Logger.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_util.h
Examining data/r-cran-genabel-1.8-0/src/cholesky2.cpp
Examining data/r-cran-genabel-1.8-0/src/Transposer.cpp
Examining data/r-cran-genabel-1.8-0/src/iterator_functions.cpp
Examining data/r-cran-genabel-1.8-0/src/export_plink.cpp
Examining data/r-cran-genabel-1.8-0/src/export_plink.h
Examining data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_util.cpp
Examining data/r-cran-genabel-1.8-0/src/iterator.h
Examining data/r-cran-genabel-1.8-0/src/gwaa_cpp.cpp
Examining data/r-cran-genabel-1.8-0/src/FilteredMatrix.h
Examining data/r-cran-genabel-1.8-0/src/gtps_container.h
FINAL RESULTS:
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:57:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
result = sscanf(s.c_str(), format, &i);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:67:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
result = sscanf(s.c_str(), format, destData);
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sd,"%s",tempstr.c_str());
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const* parseFormats[9];
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ret[500];
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:106:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%hu", *(unsigned short int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:109:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%hd", *(short int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:112:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%u", *(unsigned int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:115:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%d", *(int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:118:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%f", *(float*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:121:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%f", *(double*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:124:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%d", (int)*(char*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:127:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%d", (int)*(unsigned char*)data);
data/r-cran-genabel-1.8-0/src/FileVector.cpp:441:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outvec, cacheBuffer+offset,
data/r-cran-genabel-1.8-0/src/FileVector.cpp:454:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)outvec + i * getElementSize(),
data/r-cran-genabel-1.8-0/src/FileVector.cpp:490:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cacheBuffer + offset,
data/r-cran-genabel-1.8-0/src/FileVector.cpp:541:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cacheBuffer+offset, data, getElementSize() );
data/r-cran-genabel-1.8-0/src/FileVector.cpp:681:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + j*getElementSize(),from + read_offset,getElementSize());
data/r-cran-genabel-1.8-0/src/FileVector.cpp:808:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newVariablesNames, variableNames,
data/r-cran-genabel-1.8-0/src/FilteredMatrix.cpp:58:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((char*)outvec)[i * getElementSize()],
data/r-cran-genabel-1.8-0/src/FilteredMatrix.cpp:96:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ptr[getElementSize() * this->filteredToRealColIdx[i]],
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp:5:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool RealHandlerWrapper::open(const string &iFileName, bool iReadOnly) {
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp:13:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(fileName.c_str(), ios::in | ios::binary);
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp:15:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(fileName.c_str(), ios::out | ios::in | ios::binary);
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.h:27:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const string &fileName, bool readOnly);
data/r-cran-genabel-1.8-0/src/ReusableFileHandle.cpp:21:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rhw->open(fileName, readOnly);
data/r-cran-genabel-1.8-0/src/ReusableFileHandle.cpp:28:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = newHandleWrapper->open(fileName, readOnly);
data/r-cran-genabel-1.8-0/src/Transposer.cpp:91:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
src_stream->open(src_data_file_name.c_str(),ios::in | ios::binary);
data/r-cran-genabel-1.8-0/src/Transposer.cpp:94:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dest_stream->open(dest_data_file_name.c_str(),ios::out | ios::binary);
data/r-cran-genabel-1.8-0/src/Transposer.cpp:193:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)data_part_transposed + to_pos,
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd[10];
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:190:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:191:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:193:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:194:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:290:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:291:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:293:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:294:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char merlgdata[3];
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:314:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:315:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:317:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:318:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:161:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:162:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:164:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:165:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_util.cpp:299:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr,"%lu",i);
data/r-cran-genabel-1.8-0/src/convert_util.cpp:307:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr,"%lu",i);
data/r-cran-genabel-1.8-0/src/export_plink.cpp:92:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileWoA.open(filename.c_str(),std::fstream::app);
data/r-cran-genabel-1.8-0/src/export_plink.cpp:94:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileWoA.open(filename.c_str(),std::fstream::trunc);
data/r-cran-genabel-1.8-0/src/export_plink.cpp:192:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileWoA.open(filename.c_str(), std::fstream::trunc);
data/r-cran-genabel-1.8-0/src/frutil.cpp:119:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name.name, "%lu", i+1);
data/r-cran-genabel-1.8-0/src/frutil.cpp:127:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name.name, "%lu", j+1);
data/r-cran-genabel-1.8-0/src/frutil.h:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMELENGTH];
data/r-cran-genabel-1.8-0/src/merge.snp.data.cpp:237:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coding2_inverse_tmp[3] = {coding2[1], coding2[0], '\0'};
data/r-cran-genabel-1.8-0/src/merge.snp.data.cpp:243:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coding2_fliped_inverse_tmp[3] = {coding2_fliped[1], coding2_fliped[0], '\0'};
data/r-cran-genabel-1.8-0/src/Transposer.cpp:156:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
src_stream->read(data_part + ( i * obs_length * data_size ),
data/r-cran-genabel-1.8-0/src/frutil.cpp:15:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
myfile.read((char*)&out, sizeof(out));
data/r-cran-genabel-1.8-0/src/frutil.cpp:192:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(data+i*PART_SIZE, subLength);
data/r-cran-genabel-1.8-0/src/frutil.h:29:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, s.c_str(), NAMELENGTH-1);
ANALYSIS SUMMARY:
Hits = 66
Lines analyzed = 16273 in approximately 0.42 seconds (38822 lines/second)
Physical Source Lines of Code (SLOC) = 11250
Hits@level = [0] 6 [1] 4 [2] 59 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 72 [1+] 66 [2+] 62 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 6.4 [1+] 5.86667 [2+] 5.51111 [3+] 0.266667 [4+] 0.266667 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.