Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-genabel-1.8-0/src/ctest.h
Examining data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp
Examining data/r-cran-genabel-1.8-0/src/gwaa_data.cpp
Examining data/r-cran-genabel-1.8-0/src/AbstractMatrix_R.cpp
Examining data/r-cran-genabel-1.8-0/src/merge.snp.data.cpp
Examining data/r-cran-genabel-1.8-0/src/dometa.h
Examining data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp
Examining data/r-cran-genabel-1.8-0/src/Chip.cpp
Examining data/r-cran-genabel-1.8-0/src/chinv2.cpp
Examining data/r-cran-genabel-1.8-0/src/AbstractMatrix.cpp
Examining data/r-cran-genabel-1.8-0/src/survS.h
Examining data/r-cran-genabel-1.8-0/src/survproto.h
Examining data/r-cran-genabel-1.8-0/src/Transposer.h
Examining data/r-cran-genabel-1.8-0/src/FileVector.cpp
Examining data/r-cran-genabel-1.8-0/src/fexact.c
Examining data/r-cran-genabel-1.8-0/src/mematriR.h
Examining data/r-cran-genabel-1.8-0/src/ReusableFileHandle.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp
Examining data/r-cran-genabel-1.8-0/src/gwaautil.cpp
Examining data/r-cran-genabel-1.8-0/src/frutil.cpp
Examining data/r-cran-genabel-1.8-0/src/dautil.cpp
Examining data/r-cran-genabel-1.8-0/src/convert.snp.affymetrix.cpp
Examining data/r-cran-genabel-1.8-0/src/Rstuff.h
Examining data/r-cran-genabel-1.8-0/src/lm_gwaa.cpp
Examining data/r-cran-genabel-1.8-0/src/Chip.h
Examining data/r-cran-genabel-1.8-0/src/frversion.h
Examining data/r-cran-genabel-1.8-0/src/frutil.h
Examining data/r-cran-genabel-1.8-0/src/coxfit2.cpp
Examining data/r-cran-genabel-1.8-0/src/FileVector.h
Examining data/r-cran-genabel-1.8-0/src/Logger.h
Examining data/r-cran-genabel-1.8-0/src/mematrix.h
Examining data/r-cran-genabel-1.8-0/src/chsolve2.cpp
Examining data/r-cran-genabel-1.8-0/src/CastUtils.cpp
Examining data/r-cran-genabel-1.8-0/src/interactions_rare_recesive_alleles.cpp
Examining data/r-cran-genabel-1.8-0/src/reg1.h
Examining data/r-cran-genabel-1.8-0/src/dometa.cpp
Examining data/r-cran-genabel-1.8-0/src/gtps_container.cpp
Examining data/r-cran-genabel-1.8-0/src/dautil.h
Examining data/r-cran-genabel-1.8-0/src/ReusableFileHandle.h
Examining data/r-cran-genabel-1.8-0/src/FilteredMatrix.cpp
Examining data/r-cran-genabel-1.8-0/src/FilteredMatrix_R.cpp
Examining data/r-cran-genabel-1.8-0/src/dmatrix.cpp
Examining data/r-cran-genabel-1.8-0/src/mematri1.h
Examining data/r-cran-genabel-1.8-0/src/gwaa_cpp.h
Examining data/r-cran-genabel-1.8-0/src/iterator.cpp
Examining data/r-cran-genabel-1.8-0/src/const.h
Examining data/r-cran-genabel-1.8-0/src/interactions_rare_recesive_alleles.h
Examining data/r-cran-genabel-1.8-0/src/gwaa.c
Examining data/r-cran-genabel-1.8-0/src/iterator_functions.h
Examining data/r-cran-genabel-1.8-0/src/AbstractMatrix.h
Examining data/r-cran-genabel-1.8-0/src/CastUtils.h
Examining data/r-cran-genabel-1.8-0/src/reg1data.h
Examining data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.h
Examining data/r-cran-genabel-1.8-0/src/Logger.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_util.h
Examining data/r-cran-genabel-1.8-0/src/cholesky2.cpp
Examining data/r-cran-genabel-1.8-0/src/Transposer.cpp
Examining data/r-cran-genabel-1.8-0/src/iterator_functions.cpp
Examining data/r-cran-genabel-1.8-0/src/export_plink.cpp
Examining data/r-cran-genabel-1.8-0/src/export_plink.h
Examining data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp
Examining data/r-cran-genabel-1.8-0/src/convert_util.cpp
Examining data/r-cran-genabel-1.8-0/src/iterator.h
Examining data/r-cran-genabel-1.8-0/src/gwaa_cpp.cpp
Examining data/r-cran-genabel-1.8-0/src/FilteredMatrix.h
Examining data/r-cran-genabel-1.8-0/src/gtps_container.h

FINAL RESULTS:

data/r-cran-genabel-1.8-0/src/CastUtils.cpp:57:18: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  result = sscanf(s.c_str(), format, &i);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:67:18: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  result = sscanf(s.c_str(), format, destData);
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:132:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sd,"%s",tempstr.c_str());
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:20:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const* parseFormats[9];
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ret[500];
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:106:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%hu", *(unsigned short int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:109:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%hd", *(short int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:112:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%u", *(unsigned int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:115:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%d", *(int*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:118:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%f", *(float*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:121:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%f", *(double*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:124:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%d", (int)*(char*)data);
data/r-cran-genabel-1.8-0/src/CastUtils.cpp:127:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, "%d", (int)*(unsigned char*)data);
data/r-cran-genabel-1.8-0/src/FileVector.cpp:441:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outvec, cacheBuffer+offset,
data/r-cran-genabel-1.8-0/src/FileVector.cpp:454:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)outvec + i * getElementSize(),
data/r-cran-genabel-1.8-0/src/FileVector.cpp:490:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cacheBuffer + offset,
data/r-cran-genabel-1.8-0/src/FileVector.cpp:541:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cacheBuffer+offset, data, getElementSize() );
data/r-cran-genabel-1.8-0/src/FileVector.cpp:681:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to + j*getElementSize(),from + read_offset,getElementSize());
data/r-cran-genabel-1.8-0/src/FileVector.cpp:808:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newVariablesNames, variableNames,
data/r-cran-genabel-1.8-0/src/FilteredMatrix.cpp:58:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((char*)outvec)[i * getElementSize()],
data/r-cran-genabel-1.8-0/src/FilteredMatrix.cpp:96:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ptr[getElementSize() * this->filteredToRealColIdx[i]],
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp:5:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool RealHandlerWrapper::open(const string &iFileName, bool iReadOnly) {
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp:13:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream.open(fileName.c_str(), ios::in | ios::binary);
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.cpp:15:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream.open(fileName.c_str(), ios::out | ios::in | ios::binary);
data/r-cran-genabel-1.8-0/src/RealHandlerWrapper.h:27:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(const string &fileName, bool readOnly);
data/r-cran-genabel-1.8-0/src/ReusableFileHandle.cpp:21:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rhw->open(fileName, readOnly);
data/r-cran-genabel-1.8-0/src/ReusableFileHandle.cpp:28:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = newHandleWrapper->open(fileName, readOnly);
data/r-cran-genabel-1.8-0/src/Transposer.cpp:91:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  src_stream->open(src_data_file_name.c_str(),ios::in | ios::binary);
data/r-cran-genabel-1.8-0/src/Transposer.cpp:94:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dest_stream->open(dest_data_file_name.c_str(),ios::out | ios::binary);
data/r-cran-genabel-1.8-0/src/Transposer.cpp:193:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)data_part_transposed + to_pos,
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:65:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:131:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sd[10];
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:190:34: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:191:34: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:193:20: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_illumina.cpp:194:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:71:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:290:33: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:291:33: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:293:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin.cpp:294:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:69:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:150:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char merlgdata[3];
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:314:33: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:315:33: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:317:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_merlin_wslash.cpp:318:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:54:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_chcoding [10];
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:161:34: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (!allele1 && allele2) sprintf(tmp_chcoding,"%c%c",allele2,allele2); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:162:34: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (allele1 && !allele2) sprintf(tmp_chcoding,"%c%c",allele1,allele1); // only one allele present
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:164:20: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (ca1 > ca2) sprintf(tmp_chcoding,"%c%c",allele1,allele2);
data/r-cran-genabel-1.8-0/src/convert_snp_tped.cpp:165:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(tmp_chcoding,"%c%c",allele2,allele1);
data/r-cran-genabel-1.8-0/src/convert_util.cpp:299:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%lu",i);
data/r-cran-genabel-1.8-0/src/convert_util.cpp:307:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%lu",i);
data/r-cran-genabel-1.8-0/src/export_plink.cpp:92:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fileWoA.open(filename.c_str(),std::fstream::app);
data/r-cran-genabel-1.8-0/src/export_plink.cpp:94:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fileWoA.open(filename.c_str(),std::fstream::trunc);
data/r-cran-genabel-1.8-0/src/export_plink.cpp:192:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fileWoA.open(filename.c_str(), std::fstream::trunc);
data/r-cran-genabel-1.8-0/src/frutil.cpp:119:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name.name, "%lu", i+1);
data/r-cran-genabel-1.8-0/src/frutil.cpp:127:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name.name, "%lu", j+1);
data/r-cran-genabel-1.8-0/src/frutil.h:32:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[NAMELENGTH];
data/r-cran-genabel-1.8-0/src/merge.snp.data.cpp:237:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coding2_inverse_tmp[3] = {coding2[1], coding2[0], '\0'};
data/r-cran-genabel-1.8-0/src/merge.snp.data.cpp:243:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coding2_fliped_inverse_tmp[3] = {coding2_fliped[1], coding2_fliped[0], '\0'};
data/r-cran-genabel-1.8-0/src/Transposer.cpp:156:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  src_stream->read(data_part + ( i * obs_length * data_size ),
data/r-cran-genabel-1.8-0/src/frutil.cpp:15:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  myfile.read((char*)&out, sizeof(out));
data/r-cran-genabel-1.8-0/src/frutil.cpp:192:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read(data+i*PART_SIZE, subLength);
data/r-cran-genabel-1.8-0/src/frutil.h:29:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, s.c_str(), NAMELENGTH-1);

ANALYSIS SUMMARY:

Hits = 66
Lines analyzed = 16273 in approximately 0.42 seconds (38822 lines/second)
Physical Source Lines of Code (SLOC) = 11250
Hits@level = [0] 6 [1] 4 [2] 59 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 72 [1+] 66 [2+] 62 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 6.4 [1+] 5.86667 [2+] 5.51111 [3+] 0.266667 [4+] 0.266667 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.