Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/racon-1.4.13/src/cuda/cudaaligner.cpp
Examining data/racon-1.4.13/src/cuda/cudaaligner.hpp
Examining data/racon-1.4.13/src/cuda/cudabatch.cpp
Examining data/racon-1.4.13/src/cuda/cudabatch.hpp
Examining data/racon-1.4.13/src/cuda/cudapolisher.cpp
Examining data/racon-1.4.13/src/cuda/cudapolisher.hpp
Examining data/racon-1.4.13/src/cuda/cudautils.hpp
Examining data/racon-1.4.13/src/logger.cpp
Examining data/racon-1.4.13/src/logger.hpp
Examining data/racon-1.4.13/src/main.cpp
Examining data/racon-1.4.13/src/overlap.cpp
Examining data/racon-1.4.13/src/overlap.hpp
Examining data/racon-1.4.13/src/polisher.hpp
Examining data/racon-1.4.13/src/sequence.cpp
Examining data/racon-1.4.13/src/sequence.hpp
Examining data/racon-1.4.13/src/window.cpp
Examining data/racon-1.4.13/src/window.hpp
Examining data/racon-1.4.13/src/polisher.cpp
Examining data/racon-1.4.13/test/racon_test.cpp
FINAL RESULTS:
data/racon-1.4.13/src/main.cpp:165:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(
data/racon-1.4.13/src/main.cpp:72:24: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argument = getopt_long(argc, argv, optstring.c_str(), options, nullptr)) != -1) {
data/racon-1.4.13/src/main.cpp:81:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
window_length = atoi(optarg);
data/racon-1.4.13/src/main.cpp:93:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
match = atoi(optarg);
data/racon-1.4.13/src/main.cpp:96:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mismatch = atoi(optarg);
data/racon-1.4.13/src/main.cpp:99:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gap = atoi(optarg);
data/racon-1.4.13/src/main.cpp:102:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_threads = atoi(optarg);
data/racon-1.4.13/src/main.cpp:117:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cudapoa_batches = atoi(argv[optind++]);
data/racon-1.4.13/src/main.cpp:121:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cudapoa_batches = atoi(optarg);
data/racon-1.4.13/src/main.cpp:128:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cudaaligner_batches = atoi(optarg);
data/racon-1.4.13/src/overlap.cpp:62:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q_begin_ = atoi(&cigar_[0]);
data/racon-1.4.13/src/overlap.cpp:74:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auto num_bases = atoi(&cigar_[j]);
data/racon-1.4.13/src/overlap.cpp:79:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auto num_bases = atoi(&cigar_[j]);
data/racon-1.4.13/src/overlap.cpp:83:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auto num_bases = atoi(&cigar_[j]);
data/racon-1.4.13/src/overlap.cpp:87:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q_clip_length += atoi(&cigar_[j]);
data/racon-1.4.13/src/overlap.cpp:246:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t k = 0, num_bases = atoi(&cigar_[j]);
data/racon-1.4.13/src/overlap.cpp:271:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q_ptr += atoi(&cigar_[j]);
data/racon-1.4.13/src/overlap.cpp:274:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t k = 0, num_bases = atoi(&cigar_[j]);
data/racon-1.4.13/src/cuda/cudabatch.cpp:26:60: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int8_t mismatch,
data/racon-1.4.13/src/cuda/cudabatch.cpp:34:71: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch,
data/racon-1.4.13/src/cuda/cudabatch.cpp:43:47: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int8_t mismatch,
data/racon-1.4.13/src/cuda/cudabatch.cpp:60:59: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch,
data/racon-1.4.13/src/cuda/cudabatch.hpp:25:134: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
std::unique_ptr<CUDABatchProcessor> createCUDABatch(uint32_t max_window_depth, uint32_t device, size_t avail_mem, int8_t gap, int8_t mismatch, int8_t match, bool cuda_banded_alignment);
data/racon-1.4.13/src/cuda/cudabatch.hpp:68:102: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
createCUDABatch(uint32_t max_window_depth, uint32_t device, size_t avail_mem, int8_t gap, int8_t mismatch, int8_t match, bool cuda_banded_alignment);
data/racon-1.4.13/src/cuda/cudabatch.hpp:77:105: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
CUDABatchProcessor(uint32_t max_window_depth, uint32_t device, size_t avail_mem, int8_t gap, int8_t mismatch, int8_t match, bool cuda_banded_alignment);
data/racon-1.4.13/src/cuda/cudapolisher.cpp:30:61: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/cuda/cudapolisher.cpp:35:24: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
match, mismatch, gap, num_threads)
data/racon-1.4.13/src/cuda/cudapolisher.cpp:39:21: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
, mismatch_(mismatch)
data/racon-1.4.13/src/cuda/cudapolisher.hpp:29:65: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/cuda/cudapolisher.hpp:38:65: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/main.cpp:149:39: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
error_threshold, trim, match, mismatch, gap, num_threads,
data/racon-1.4.13/src/polisher.cpp:58:61: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/polisher.cpp:141:70: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
quality_threshold, error_threshold, trim, match, mismatch, gap,
data/racon-1.4.13/src/polisher.cpp:155:70: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
quality_threshold, error_threshold, trim, match, mismatch, gap,
data/racon-1.4.13/src/polisher.cpp:164:61: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/polisher.cpp:181:46: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
spoa::AlignmentType::kNW, match, mismatch, gap));
data/racon-1.4.13/src/polisher.hpp:45:61: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/polisher.hpp:61:65: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/src/polisher.hpp:70:65: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double error_threshold, bool trim, int8_t match, int8_t mismatch, int8_t gap,
data/racon-1.4.13/test/racon_test.cpp:32:30: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int8_t match, int8_t mismatch, int8_t gap, uint32_t cuda_batches = 0,
data/racon-1.4.13/test/racon_test.cpp:37:13: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch, gap, 4, cuda_batches, cuda_banded_alignment, cudaaligner_batches);
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 3400 in approximately 0.11 seconds (31062 lines/second)
Physical Source Lines of Code (SLOC) = 2521
Hits@level = [0] 31 [1] 23 [2] 16 [3] 1 [4] 1 [5] 0
Hits@level+ = [0+] 72 [1+] 41 [2+] 18 [3+] 2 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 28.5601 [1+] 16.2634 [2+] 7.14002 [3+] 0.793336 [4+] 0.396668 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.